X Search (x402)

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-aligned, but it requires a raw wallet private key and passes it to an unpinned third-party npm tool for paid searches.

Install only if you are comfortable funding paid x402 searches through this skill. Use a dedicated low-balance Base wallet, do not reuse a primary wallet private key, avoid plaintext config where possible, and review or pin the npm package before letting it handle the key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding
The script’s advertised purpose is X/Twitter search, but it also searches multiple local locations for a payment private key and exports it for downstream use. That hidden credential-handling behavior increases trust and review risk because users may invoke a search skill without realizing it accesses sensitive wallet material from disk and environment-derived context.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill instructs users to store a blockchain private key directly in an environment variable or plaintext JSON file, including a recommended persistent file in the home directory, without any warnings about credential sensitivity, permissions, encryption, or key-scoping. If that key is exposed through shell history, backups, permissive file permissions, malware, or accidental commits, an attacker could spend funds or impersonate the wallet used for x402 payments.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The script transmits the user’s query over the network via a third-party package while using a private key for x402 payment, but provides no warning or confirmation about external data transmission or billing. In a search-focused skill, this matters because users may assume local processing and may not understand that their query and payment metadata are sent to external services.

Session Persistence

Severity: Medium
Category: Rogue Agent
Content (excerpt from the skill's instructions)
2. Home directory: `~/.x402-config.json` ← **Recommended**
3. Working directory: `$PWD/x402-config.json`

Create the config file:
```json
{
  "private_key": "0x1234567890abcdef..."
}
```
Confidence: 93%
Finding
Create the config file (as above), then:
**Example (home directory - works for any user):**
```bash
echo '{"private_key": "0x..."}' > ~/.x
```

VirusTotal

63/63 vendors flagged this skill as clean.