ClawHub

GiftDrop

Security checks across malware telemetry and agentic risk

Overview

GiftDrop matches its crypto-gifting purpose, but it asks agents to handle wallet keys and broadcast real Solana transfers without enough safety gates.

Use only with a dedicated low-balance wallet, never a primary wallet or seed phrase. Verify the GiftDrop domain, host wallet, network, token mint, amount, fees, and service trustworthiness before signing anything, and require manual approval before any transaction is broadcast.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs users/agents to perform irreversible on-chain transfers and claims, including sending SOL/SPL tokens to a fixed host wallet, but does not provide an explicit warning that blockchain transfers are generally non-reversible and may be unrecoverable if the destination, amount, or service behavior is wrong. In an agent context this is especially risky because the workflow can cause real asset movement based solely on the document's instructions, increasing the chance of permanent financial loss.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill asks the user/agent to sign a message to register an API key and then use that key for authenticated actions, but it lacks clear guidance to protect private keys, avoid exposing signatures or API keys in logs, and verify exactly what is being signed. In wallet-enabled agent environments, poor secret-handling guidance can lead to credential leakage, unauthorized API use, or unsafe signing behavior that normalizes signing arbitrary prompts.

External Transmission

Medium
Category
Data Exfiltration
Content
ix = transfer(TransferParams(from_pubkey=kp.pubkey(), to_pubkey=HOST, lamports=500_000_000))  # 0.5 SOL
msg = MessageV0.try_compile(kp.pubkey(), [ix], [], blockhash)
tx = VersionedTransaction(msg, [kp])
tx_resp = requests.post(RPC, json={"jsonrpc":"2.0","id":1,"method":"sendTransaction","params":[base64.b64encode(bytes(tx)).decode(),{"encoding":"base64"}]})
funding_tx = tx_resp.json()["result"]
time.sleep(15)  # wait for confirmation
Confidence
91% confidence
Finding
requests.post(RPC, json=

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal