Agent Template

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-aligned for Solana prediction-market trading, but it needs review because it instructs users to run a remote shell installer and to supply a wallet private key with little safety guidance.

Review the bundled files and any remote installer before running it; do not pipe the remote script directly to bash. Use a fresh low-value wallet, keep WZRD_PRIVATE_KEY out of source control and logs, restrict network access to the documented twzrd endpoints where possible, and replace the default always-YES trading strategy before running the long-lived agent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill exposes clear networked capabilities via the declared MCP server and multiple external API endpoints, yet it declares no permissions that would warn consumers it communicates off-platform and may use environment-backed credentials. In an agent ecosystem this mismatch is a real security issue: users and orchestrators may grant or execute the skill on the assumption that it is low-privilege, while it actually enables outbound requests and authenticated actions such as betting, redemption, and transaction-building.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The README explicitly instructs users to execute a remotely fetched script directly with `bash`, which removes any opportunity to inspect the script before execution and creates a direct remote-code-execution path if the hosting origin, transport, or published script is compromised. In this skill's context, the risk is heightened because the setup flow is for a financial/trading agent that later handles wallet credentials, so users are being encouraged to run unreviewed code in an environment likely to contain sensitive keys.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The instructions tell users to place `WZRD_PRIVATE_KEY` in a `.env` file but provide no warning about the sensitivity of the credential, safe storage expectations, or the risk of accidental exposure through source control, logs, backups, or shell tooling. Because this agent interacts with wallet-signed authentication and token redemption flows, compromise of that private key could lead to account takeover and loss of funds or rewards.

Unpinned Dependencies

Low
Category
Supply Chain
Content
aiohttp>=3.9
base58>=2.1
PyNaCl>=1.5
python-dotenv>=1.0
Confidence
95% confidence
Finding
aiohttp>=3.9

Unpinned Dependencies

Low
Category
Supply Chain
Content
aiohttp>=3.9
base58>=2.1
PyNaCl>=1.5
python-dotenv>=1.0
Confidence
93% confidence
Finding
base58>=2.1

Unpinned Dependencies

Low
Category
Supply Chain
Content
aiohttp>=3.9
base58>=2.1
PyNaCl>=1.5
python-dotenv>=1.0
Confidence
94% confidence
Finding
PyNaCl>=1.5

Unpinned Dependencies

Low
Category
Supply Chain
Content
aiohttp>=3.9
base58>=2.1
PyNaCl>=1.5
python-dotenv>=1.0
Confidence
93% confidence
Finding
python-dotenv>=1.0

Known Vulnerable Dependency: aiohttp — 10 advisory(ies): CVE-2024-52303 (aiohttp has a memory leak when middleware is enabled when requesting a resource ); CVE-2026-34514 (AIOHTTP has CRLF injection through multipart part content type header constructi); CVE-2026-34517 (AIOHTTP has late size enforcement for non-file multipart fields causes memory Do) +7 more

High
Category
Supply Chain
Confidence
90% confidence
Finding
aiohttp

Known Vulnerable Dependency: PyNaCl — 1 advisory(ies): CVE-2025-69277 (libsodium has Incomplete List of Disallowed Inputs)

Low
Category
Supply Chain
Confidence
68% confidence
Finding
PyNaCl

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
72% confidence
Finding
python-dotenv

VirusTotal

64/64 vendors flagged this skill as clean.