OpenBytes

Security checks across malware telemetry and agentic risk

Overview

This is a coherent OpenBytes API guide, but it exposes users to review-worthy risk by encouraging agent-visible wallet private keys, API keys, and account-linking actions without enough safeguards.

Review carefully before installing. Do not let an agent generate, print, store, or receive wallet private keys; use a trusted wallet instead. Redact API keys, session tokens, signatures, authorization headers, and personal data from any troubleshooting output. Manually verify gateway URLs, contract addresses, chain IDs, parent-wallet relationships, transaction amounts, API-key creation, revocation, approvals, and deposits before acting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 97%
Finding
The skill goes beyond describing API workflows and instructs creation of entirely new wallets while printing the private key to stdout. In an agent setting, that can cause secret material to be exposed in logs, chat transcripts, tool output, or persistent memory, creating immediate account-compromise risk and encouraging unsafe key handling unrelated to the core API workflow.

Description-Behavior Mismatch

Medium
Confidence: 86%
Finding
The skill introduces a parent-wallet linking capability not declared in the manifest description, expanding the effective privilege and action surface beyond what a caller would reasonably expect. Undeclared account-linking operations are security-relevant because they can authorize funding relationships or alter account associations, increasing the chance of misuse or confused-deputy behavior.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
Private-key generation is not necessary for automating or debugging the described OpenBytes HTTP APIs, so including it materially broadens the skill into credential creation and custody. In practice, this pushes an agent toward handling raw signing secrets, which is a high-risk pattern because agents and surrounding systems commonly log or retain generated output.

Missing User Warnings

Medium
Confidence: 96%
Finding
The example explicitly prints a generated private key, which is dangerous because terminal output is often captured by shell history tools, CI logs, terminal scrollback, screen recordings, remote-session logs, and agent transcripts. A single disclosure of the private key permanently compromises the wallet and any assets or authorizations associated with it.

Missing User Warnings

Medium
Confidence: 88%
Finding
Exporting a live API key into a shell environment can expose it to shared-shell sessions, subprocess inheritance, debug dumps, process inspection, or accidental reuse in later commands. While common in quickstart docs, omitting warnings and safer alternatives is a security weakness for an agent skill intended to operationalize real credentials.

Ssd 3

Medium
Confidence: 90%
Finding
Asking users for the full API HTTP response can cause them to paste back authorization headers, API keys, session tokens, wallet addresses, request IDs, or other sensitive context into a conversation. In an agent-support setting, that substantially raises the risk of credential disclosure because users often include raw curl commands or verbose traces when told to share full responses.

VirusTotal

65/65 vendors flagged this skill as clean.