ClawHub

TigerPass — Hardware-Secured Crypto Wallet & Trading Terminal for AI Agents | Hyperliquid Perps, Polymarket Predictions, DEX Swaps, Cross-Chain Bridge, E2E Encrypted Agent-to-Agent Commerce

Security checks across malware telemetry and agentic risk

Overview

TigerPass is a coherent crypto wallet and trading skill, but it gives an agent broad autonomous authority over real funds with limited documented guardrails.

Install only if you intentionally want an autonomous crypto wallet/trading agent. Verify the TigerPass CLI source and version, start with a fresh low-balance wallet, use testnet or simulation first, require explicit approval for every trade, payment, bridge, approval, contract write, owner command, and x402 payment, and avoid unlimited approvals unless you know how to monitor and revoke them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The skill advertises itself with an extremely broad 'Use when' list covering generic finance, trading, payments, contract execution, and autonomous-agent scenarios. In an agent ecosystem, this can cause the skill to be selected in overly broad contexts and trigger high-risk blockchain actions when the user did not explicitly request live financial execution, increasing the chance of unintended trades, transfers, or contract calls.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill enables live mainnet transfers, swaps, bridging, smart-contract execution, and trading, yet the early 'Get Started' flow emphasizes ease and speed without a prominent upfront warning that actions are irreversible and can lose real funds. Because this skill is designed for autonomous signing, the absence of strong front-loaded warnings and confirmation requirements materially increases the likelihood of accidental financial loss.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The Polymarket section presents wagering and arbitrage strategies as straightforward opportunities and even frames profits as systematic, without a clear warning that this is real-money speculative activity subject to fees, slippage, market risk, resolution risk, and total loss. In an agent skill, such framing can encourage autonomous betting behavior without adequate risk disclosure or operator consent.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This guidance tells agents to trust verified owner messages and directly execute requested actions, including on-chain transactions such as swaps, without requiring any additional policy checks, risk limits, or explicit human confirmation for sensitive operations. In the context of a wallet/trading skill with autonomous signing, this can enable large financial loss if owner verification is bypassed elsewhere, a co-owner is compromised, or an authorized owner sends an unsafe or ambiguous command.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This section documents real on-chain write operations such as contract execution, batched calls, and token approvals, including unlimited approvals, without a prominent warning that these actions can irreversibly move funds or grant ongoing spend authority. In an autonomous agent wallet context, omission of explicit safety guidance materially increases the chance that an agent or operator will execute dangerous transactions against the wrong contract, calldata, or spender.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The x402 flow explains how to sign a payment payload and retry the HTTP request but does not explicitly warn that doing so authorizes an actual payment from the wallet. Because this skill is designed for autonomous signing and agent-to-agent commerce, an agent could treat the flow as routine request handling and unknowingly approve charges to a malicious or spoofed merchant.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The bridge documentation describes a one-command flow that includes approval, source-chain burn, and relayed destination minting, but lacks a prominent warning that funds are destroyed on the source chain first, fees are charged, and completion may be delayed or fail operationally before mint visibility. In a wallet skill intended for autonomous crypto operations, this can lead users or agents to initiate risky transfers without understanding temporary loss of access, route risk, or destination/gas prerequisites.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The cookbook explicitly recommends `--amount max` for repeated deposits and presents unlimited approvals as a convenience pattern without a strong warning that this grants ongoing spending authority to the spender contract. If the approved contract is compromised, upgraded maliciously, misconfigured, or the wrong address is used, the wallet can lose all approved funds without further user confirmation. In this skill's context, the danger is elevated because the wallet is designed for autonomous signing and real-money DeFi activity.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The Polymarket setup instructs users to grant six approvals, including unlimited ERC-20 approvals and ERC-1155 operator approvals, but does not clearly warn that these permissions can enable broad asset movement by approved contracts. Because these approvals are framed as required one-time setup for trading, users may normalize granting sweeping permissions that persist long after the trade. In an autonomous agent wallet, persistent approvals materially increase blast radius if contracts, integrations, or addresses are abused.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal