ClawHub

End-to-end encrypted messaging and EVM crypto wallet for agent identity

Security checks across malware telemetry and agentic risk

Overview

The skill is not clearly malicious, but it asks an agent to handle a wallet private key and can send real cryptocurrency without documented confirmation safeguards.

Install only if you specifically need OpenIndex messaging plus wallet features. Use a dedicated low-balance wallet, avoid reusing valuable private keys or mnemonics, verify the npm package/source and version before running it, clear sensitive environment variables after use, and require a manual confirmation that shows recipient address, chain, token, amount, and fees before any transfer.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill documents cryptocurrency transfer commands but does not warn that transfers are irreversible or that usernames, destination addresses, chain selection, and token selection must be verified before sending. In an agent skill, this increases the chance of accidental loss of funds, especially because the interface abstracts raw addresses behind usernames and multiple chains.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation instructs users to place a private key directly into a shell environment variable without warning about exposure through shell history, process inspection, logs, CI environments, or inherited subprocess environments. Because this skill handles both messaging identity and crypto transfers, compromise of that key could enable account takeover, message impersonation, and theft of on-chain assets.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal