Agentwallet Sdk

Security checks across malware telemetry and agentic risk

Overview

This wallet skill appears purpose-aligned, but it should be reviewed carefully because it can enable autonomous crypto transfers, swaps, bridges, and private-key signing without clear approval or spending controls.

Install only if you intend to let an agent work with a dedicated crypto wallet. Use a low-balance or restricted wallet, never a main wallet private key, pin and verify npm packages, require explicit confirmation before every transfer, payment, bridge, or swap, and avoid MCP exposure unless you can tightly restrict which agents may call it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly enables autonomous wallet management, transfers, swaps, and cross-chain bridging, but the usage section does not warn that these actions can directly move or irreversibly convert user funds. In an agent setting, omission of clear fund-movement warnings increases the chance that operators grant the skill broad authority without understanding the financial risk of autonomous execution.

Missing User Warnings

Medium
Confidence: 92%
Finding
The security model states that the agent holds its own private key, but it does not warn about the operational risks of key exposure, malware compromise, prompt-driven misuse, or insecure storage in autonomous environments. Because the key authorizes real on-chain actions, insufficient disclosure can lead deployers to underestimate the need for hardened key management and transaction restrictions.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger list includes generic terms such as "wallet", "payment", "bridge", "swap", and "transfer", which can match many routine user requests and cause the skill to be invoked unexpectedly. In this skill's context, unintended activation is more dangerous because it advertises wallet, payments, bridging, and swapping capabilities and requests the "exec" tool, increasing the chance that broad matching could route sensitive financial actions to this skill.

VirusTotal

66/66 vendors flagged this skill as clean.
