Back to skill

Security audit

Clawwallet

Security checks across malware telemetry and agentic risk

Overview

This wallet skill is mostly purpose-aligned, but it gives an agent direct authority over private keys, payments, swaps, staking, bridge transfers, and webhook secrets without clear built-in user approval controls.

Install only if you fully trust the publisher and the configured CLAW_WALLET_URL backend. Do not import valuable private keys unless you intend that service to control them, start with testnet or low-value wallets, and require your own human approval, spend limits, destination allowlists, and transaction previews before allowing an agent to call fund-moving methods.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (8)

Missing User Warnings

High
Confidence
96% confidence
Finding
The importWallet method sends raw private key material to an external wallet service over the network, shifting full custody to that service. If the service, transport, logs, or surrounding host are compromised, attackers can irreversibly steal all assets controlled by the key.

Missing User Warnings

High
Confidence
92% confidence
Finding
sendPayment initiates irreversible on-chain fund transfers without any built-in confirmation, approval workflow, policy check, or recipient verification. In an agent context, prompt injection, tool misuse, or simple mistakes can directly convert model output into real asset loss.

Missing User Warnings

High
Confidence
92% confidence
Finding
sendToken performs token transfers with no explicit user-facing disclosure or confirmation despite being irreversible and high impact. In an autonomous-agent setting, this makes accidental or adversarially induced asset movement much easier.

Missing User Warnings

Critical
Confidence
98% confidence
Finding
sweepWallet is especially dangerous because it is designed to transfer essentially all available funds out of a wallet in one action. Without strong confirmation and policy gates, any misuse, prompt injection, or backend compromise can empty a wallet immediately and irreversibly.

Missing User Warnings

High
Confidence
90% confidence
Finding
swapTokens executes DeFi asset exchanges without explicit warnings, confirmation, slippage disclosure, or route validation in this client layer. That exposes users to irreversible loss through bad routes, manipulated quotes, MEV, or simply unintended swaps triggered by an agent.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
Staking locks funds into an on-chain protocol and may involve delays, smart contract risk, and liquidity constraints, yet the method exposes it as a simple direct action. In agent-driven environments, users may not understand that this is not a harmless read operation and can have material financial consequences.

Missing User Warnings

High
Confidence
94% confidence
Finding
Cross-chain transfers are among the riskiest blockchain operations because they rely on bridging infrastructure, chain/protocol selection, and often have difficult recovery paths if misrouted. Exposing this as a direct callable action without confirmation or safeguards substantially raises the chance of irreversible loss.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
registerWebhook transmits a webhook secret to a remote service without any disclosure about storage, handling, or rotation, which can expose downstream integration trust if the backend is compromised. While less severe than private keys, leaked webhook secrets can enable forged event delivery or tampering with automation workflows.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.