ClawHub

rug-checker

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate read-only Solana token risk checker, with expected public API calls and a small disclosed local rate-limit file.

Install only if you are comfortable with the skill sending token addresses or search terms to Rugcheck, DexScreener, and a Solana RPC provider. Do not set SOLANA_RPC_URL to an endpoint you do not trust, and expect a small local rate-limit file to be created under your user state directory. Treat reports as informational risk signals, not investment advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
82% confidence
Finding
The library persists rate-limit state under the user's home directory even though the skill is described as read-only network analysis. While not directly enabling code execution, this creates undeclared local persistence, leaves artifacts on disk, and broadens the skill's actual data-access footprint beyond what users would reasonably expect from a read-only checker.

Scope Creep

High
Confidence
92% confidence
Finding
The code creates directories/files for rate limiting despite the manifest declaring only network permission. In an agent environment, undeclared local writes undermine least privilege and can be abused for tracking, cross-run state retention, or interference with other local data if the execution boundary is weaker than expected.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The example invocations are broad, conversational phrases like 'Is BONK safe?' and 'Is this token a scam?' that can easily overlap with normal discussion in chat environments. In an agent setting, this increases the chance of unintended skill activation, which can cause unsolicited network access, noisy behavior, or misleading financial-risk responses in contexts where the user was not actually requesting a rug check.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The activation triggers include broad phrases such as 'Is this a scam?' and 'Audit this token', which can match normal conversation and cause the skill to trigger unexpectedly. In a network-enabled skill, overbroad activation can leak user-supplied token/address data to third-party APIs, create unwanted external requests, and let adversarial users steer the agent into running analysis in contexts where it was not clearly requested.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The Solana RPC helper sends JSON-RPC requests to a configurable endpoint via SOLANA_RPC_URL, which means network destinations are partially controlled by environment rather than fixed in code. In a skill advertised as simple read-only analysis, that makes silent exfiltration or traffic redirection easier if the environment is tampered with or misconfigured.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal