A-Corp Foundry

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only A-Corp Foundry skill that is coherent and disclosed, but it covers powerful financial, governance, privacy, and operator actions that users must control carefully.

Install only if you intend an agent to help use A-Corp Foundry. Use least-privilege keys, keep participant/operator/admin credentials out of logs and shell history, and require fresh human approval before trades, deposits, treasury access changes, reward distributions, governance resolutions, public posts, KYC/privacy processing, freezes, or kill-switch actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (39)

Intent-Code Divergence

Medium
Confidence: 91%
Finding
The Quick Start references `POST /dao/:id/open-offering`, but the documented treasury access control model uses `PATCH /acorp/:id/treasury/access` with `publicContribute`. In a system involving real on-chain treasury contributions, inconsistent endpoint guidance can cause agents to call the wrong interface, fail open, or rely on undocumented behavior when moving funds or changing access controls.

Intent-Code Divergence

Medium
Confidence: 84%
Finding
The veto section states both that any member can propose a veto and elsewhere that any proven predictor can do so, creating an authorization ambiguity around a governance safety mechanism. For agents acting autonomously, conflicting eligibility rules can lead to unauthorized governance attempts, mistaken assumptions about who can block proposals, or abuse if implementations drift toward the more permissive interpretation.

Missing User Warnings

Medium
Confidence: 88%
Finding
The credits workflow describes depositing funds via token approval and `vault.deposit(...)` on Base without an explicit warning that this can move real assets and may be irreversible once submitted on-chain. In an agent-oriented skill, omission of a transaction-finality warning increases the chance that an autonomous or semi-autonomous user will initiate real financial actions without adequate confirmation.

Missing User Warnings

Medium
Confidence: 93%
Finding
The treasury contribution section instructs users to send USDC to an a-corp Safe and ties contribution amount to governance influence, but it does not clearly warn that this involves real asset transfer to an on-chain treasury. Because these contributions affect both funds custody and governance weight, an agent could cause irreversible financial loss and unintended power allocation if it acts on these instructions without clear safety prompts.

Missing User Warnings

Medium
Confidence: 92%
Finding
The execution intent API is documented with example actions such as `deploy_contract` but lacks a conspicuous warning that prepared intents may lead to consequential on-chain execution. In an agent skill centered on coordination and execution, failing to emphasize operational and financial impact makes autonomous misuse more likely, especially where intents can trigger contract deployment or treasury-affecting actions.

Missing User Warnings

Medium
Confidence: 74%
Finding
The skill documents an operator/admin endpoint for processing privacy requests and shows completing requests with no warning about sensitivity, authorization rigor, or irreversible consequences. In a compliance workflow, underemphasizing these safeguards can lead to accidental or improper fulfillment of deletion/export requests, causing data loss or privacy breaches.

Missing User Warnings

Medium
Confidence: 93%
Finding
This section documents authenticated trade and sell endpoints that directly create, modify, or unwind financial positions, but it does not clearly warn that these calls can spend collateral, incur losses, and change live market exposure. In an agent-skill context, presenting executable examples without explicit confirmation requirements increases the chance an automated agent or inattentive user performs unintended real-asset actions.

Missing User Warnings

High
Confidence: 96%
Finding
The proposal-creation fields include `isBinding`, `treasuryTransfers`, `executionTarget`, and `executionData`, which can cause automatic execution, treasury movement, or smart-contract calls, yet the documentation lacks a strong warning that these actions may be irreversible and governance-significant. In a coordination skill for agentic companies, omitting that warning is especially dangerous because an agent may treat these fields as routine configuration rather than high-risk execution controls.

Missing User Warnings

Medium
Confidence: 92%
Finding
The decide, finalize, close-prediction, resolve, redeem, cancel, and veto endpoints all alter governance, payout, or market-finality state, but the documentation does not prominently warn that these operations can finalize outcomes or prevent reversal. Such omission is risky because an agent could invoke them as normal workflow steps without understanding that they may lock in decisions, settle claims, or cancel live proposals.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill documents a vote-resolution endpoint that triggers real governance side effects such as activating an A-Corp or replacing an operator, but it does not explicitly warn that invoking resolution can finalize irreversible organizational changes. In an agent-skill context, this omission increases the chance that an automated agent treats the action as routine API usage rather than a high-impact state transition.

Missing User Warnings

High
Confidence: 95%
Finding
The DDM act example includes a `treasury_transfer` operation with an amount and recipient, but the documentation does not clearly warn that this can move funds or assets. In a coordination skill intended for agents, presenting a fund-transfer call as a normal example without a strong caution materially raises the risk of unintended or over-broad financial actions.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill provides one-step examples for operationally destructive actions such as pause, unpause, freeze, and kill, but does not require any explicit human confirmation, dry-run, secondary approval, or safety interlock for several of those controls. In an agent-skill context, documentation like this can be directly operationalized by an automated system, increasing the risk of accidental or coerced service disruption, account freezing, or irreversible loss of control over funds and entity state.

Missing User Warnings

Medium
Confidence: 95%
Finding
The document includes state-changing reward distribution and liquidity/funds-related operations without any warning that these actions can move assets, trigger payouts, or be difficult to reverse. In an agent skill context, this increases the risk that an automated agent or operator invokes destructive financial actions without human review or preflight validation.

Missing User Warnings

Medium
Confidence: 94%
Finding
The authentication section shows use of bearer and admin credentials but does not warn against embedding secrets in shell history, logs, screenshots, or agent traces. In agent-driven environments, this omission can lead to credential leakage and subsequent unauthorized API access, including privileged admin actions.

Missing User Warnings

Medium
Confidence: 83%
Finding
The skill documents freeze/unfreeze treasury controls that directly affect availability of treasury outflows, but it does not include an explicit warning about the operational and governance impact of invoking them. In a treasury-management context, omission of warnings can lead to accidental service disruption or misuse of privileged controls during normal operation.

External Transmission

Medium
Category
Data Exfiltration
Content
### Update DAO Status (Admin Only)

```bash
curl -X POST https://api.acorpfoundry.ai/dao/admin/update-status \
  -H "X-Admin-Key: <admin_key>" \
  -H "Content-Type: application/json" \
  -d '{"daoId": "cm...", "status": "active", "registrationRef": "MI-DAO-2026-001"}'
```
Confidence: 90%
Finding
https://api.acorpfoundry.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Configure provider (operator only)
curl -X POST https://api.acorpfoundry.ai/whitelist/<acorpId>/kyc-integration \
  -H "Authorization: Bearer <operator_api_key>" \
  -H "Content-Type: application/json" \
  -d '{"provider": "synaps", "apiKeyEncrypted": "enc_...", "webhookUrl": "https://..."}'
```
Confidence: 88%
Finding
https://api.acorpfoundry.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
  -d '{"provider": "synaps", "apiKeyEncrypted": "enc_...", "webhookUrl": "https://..."}'

# Get config
curl https://api.acorpfoundry.ai/whitelist/<acorpId>/kyc-integration \
  -H "Authorization: Bearer <api_key>"
```
Confidence: 84%
Finding
https://api.acorpfoundry.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
### List Entries for an A-Corp

```bash
curl "https://api.acorpfoundry.ai/audit/<acorpId>?limit=100&action=warning_acknowledged"
```

Cursor-based pagination: use `nextCursor` from the response as the `cursor` query param for the next page.
Confidence: 91%
Finding
https://api.acorpfoundry.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
### List Entries for a Participant

```bash
curl "https://api.acorpfoundry.ai/audit/participant/<participantId>?limit=100"
```

## Data Privacy (GDPR)
Confidence: 93%
Finding
https://api.acorpfoundry.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
### Process a Request (Operator/Admin)

```bash
curl -X POST https://api.acorpfoundry.ai/privacy/requests/<requestId>/process \
  -H "Authorization: Bearer <api_key>" \
  -H "Content-Type: application/json" \
  -d '{"status": "completed", "responseNote": "Export file sent to registered email."}'
```
Confidence: 86%
Finding
https://api.acorpfoundry.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
## Create a Proposal

```bash
curl -X POST https://api.acorpfoundry.ai/proposals/<acorpId>/create \
  -H "Authorization: Bearer <api_key>" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence: 72%
Finding
https://api.acorpfoundry.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
After creation, submit the proposal for a member routing vote:

```bash
curl -X POST https://api.acorpfoundry.ai/proposals/<proposalId>/submit \
  -H "Authorization: Bearer <api_key>" \
  -H "Content-Type: application/json" \
  -d '{"routingVoteDurationHours": 48}'
```
Confidence: 69%
Finding
https://api.acorpfoundry.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
## Open the Market

```bash
curl -X POST https://api.acorpfoundry.ai/proposals/<proposalId>/open-market \
  -H "Authorization: Bearer <api_key>"
```
Confidence: 70%
Finding
https://api.acorpfoundry.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
### Execute an Advanced Trade

```bash
curl -X POST https://api.acorpfoundry.ai/proposals/<proposalId>/trade \
  -H "Authorization: Bearer <api_key>" \
  -H "Content-Type: application/json" \
  -d '{"optionId": "cm...", "isLong": true, "ctAmount": 100}'
```
Confidence: 88%
Finding
https://api.acorpfoundry.ai/

VirusTotal

65/65 vendors flagged this skill as clean.