Carbium — Solana DeFi Infrastructure

Security checks across malware telemetry and agentic risk

Overview

The skill matches its Solana trading purpose, but it includes live fund-moving examples with insufficient safeguards around signing and submitting transactions.

Install only if you understand that the examples can sign and broadcast real Solana transactions. Use burner wallets or devnet where possible, cap amounts and slippage, decode or simulate any server-generated transaction before signing, avoid logging URLs containing API keys or signed transactions, and rotate keys if they appear in logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (8)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This section provides code that fetches an executable transaction, deserializes it, signs it, and broadcasts it to mainnet without a prominent warning that signing will irreversibly spend assets if the transaction contents are malicious, stale, or misunderstood. Because the transaction is server-generated and base64-encoded, users may sign opaque payloads they have not independently inspected. In a financial/trading skill, that omission raises real loss risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The pump.fun sniping section walks through detecting new launches and rapidly buying newly created tokens, yet it lacks an explicit warning that this is highly speculative automated trading with significant loss, frontrunning, scam-token, and execution risks. The guidance is optimized for speed and execution, which can encourage unsafe deployment by inexperienced users. In this context, omission of risk disclosure materially increases the chance of financial harm.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README provides copy-pastable code to send SOL but does not warn that it moves real funds, may be irreversible, and can cause financial loss if used with the wrong recipient, amount, or key material. In a blockchain infrastructure skill, this is more dangerous because users are likely to run examples directly against live RPC endpoints, making accidental mainnet transfers plausible.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README demonstrates a workflow that obtains, signs, and submits a real swap transaction, but it does not prominently warn that running the sample can move funds, incur slippage, and execute on mainnet. In a wallet-integrated context, users may copy/paste the example and unintentionally authorize irreversible asset movement without understanding the financial risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README provides copy-pastable code that signs a deserialized transaction returned by a remote API and submits it on-chain, but it does not clearly warn that this performs a live fund-moving swap. In security terms, this is dangerous because users may run the example against real wallets without understanding they are authorizing an externally constructed transaction that can affect assets immediately.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation recommends passing the API key in a WebSocket URL query parameter (`?apiKey=KEY`), which increases the chance the credential will be exposed through logs, browser history, reverse proxies, analytics, crash reports, and monitoring systems. Even if WebSocket transport is encrypted, the URL itself is commonly captured outside the TLS boundary, so documenting this pattern without any warning or safer preference creates avoidable credential leakage risk.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation tells integrators that adding `user_account` returns an executable base64 transaction and later describes endpoints that transmit signed transactions, but it does not prominently warn users that wallet-linked data can cause ready-to-sign or already-signed transaction payloads to be generated or sent to Carbium services. In a wallet/swap context, this omission increases the risk of unsafe integrations where developers or end users submit transactions without adequate review, consent, or transaction inspection.

External Transmission

Medium
Category
Data Exfiltration
Content
// Step 3: Submit via Jito bundle (v1 endpoint)
async function submitBundle(signedBase64: string) {
  const url = new URL("https://api.carbium.io/api/v1/swap/bundle");
  url.searchParams.set("signedTransaction", signedBase64);

  const res = await fetch(url, {
Confidence
87% confidence
Finding
https://api.carbium.io/

VirusTotal

65/65 vendors flagged this skill as clean.
