ClawHub

wallet-pnl

Security checks across malware telemetry and agentic risk

Overview

This skill appears to analyze Solana wallet trading through third-party paid APIs, but it needs review because its financial ratings and data/payment disclosures are too thin.

Install only if you are comfortable sending queried Solana wallet addresses and related transaction lookups to third-party RPC/API providers and possibly incurring paid API charges. Treat any copy-trading score as a rough heuristic, not financial advice, and use a least-privilege Helius API key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill declares environment-variable and network-related capabilities in metadata but does not explicitly declare corresponding permissions, creating a transparency and policy-enforcement gap. In practice this can let a skill access external services and sensitive configuration in ways a user or platform reviewer may not clearly understand, increasing the chance of unintended data exposure or unauthorized outbound requests.

Description-Behavior Mismatch

Medium
Confidence
83% confidence
Finding
The skill markets copy-trade rating and wallet worthiness evaluation, but the implementation reduces that judgment to a very simplistic heuristic based only on realized PnL and win rate from limited swap history. In a trading context, this can mislead users into making financial decisions based on overstated analytical capability, especially since open positions, token amounts, and data completeness are not properly modeled.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The description uses broad trigger language such as checking whether a wallet is worth copying or analyzing smart money performance, which can cause over-invocation in loosely related conversations. That increases the risk of unnecessary remote calls, unintended disclosure of wallet addresses, and surprise charges because this skill is tied to a paid API.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs use of a paid remote endpoint with a wallet address in the query string but provides no explicit privacy or transmission warning to the user. Even if wallet addresses are public on-chain identifiers, sending them to a third-party service can create linkability, logging, and billing side effects the user may not expect, especially when combined with paid x402 requests.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script transmits the queried wallet address and associated account/transaction lookups to third-party RPC/API providers without any user-facing notice or consent prompt. In this skill's context, wallet analysis inherently involves potentially sensitive trading-behavior profiling, so silent disclosure to external infrastructure increases privacy risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal