ClawHub

Trustless Workflow Automation on EVM networks for Agents (powered by Ditto Network)

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate Ditto workflow helper, but it handles raw wallet private keys and production crypto automation with too little safety framing.

Install only if you understand EVM wallet automation risk. Use a dedicated low-balance wallet, test on Sepolia or Base Sepolia first, keep .env out of version control, avoid exposing the private key to chat/logs/shared machines, pin and review the SDK dependency, avoid production swaps with zero slippage protection, and confirm cancellation steps before using real funds.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs users to store a wallet private key in a local `.env` file, which is highly sensitive credential material. Although it says not to hardcode the key, it does not prominently warn about the risks of plaintext secret storage, accidental git commits, shell history leakage, or use of safer alternatives such as hardware wallets, secret managers, or isolated test-only keys; in a web3 automation context this can directly expose control of funded accounts.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill advises users to fund smart accounts with real ETH and proceed to production deployment, but the warning posture is operational rather than safety-focused. Because this skill automates recurring on-chain actions, insufficient emphasis on real-funds risk can lead users to deploy flawed workflows, grant permissions, or schedule unintended transactions that repeatedly spend funds on mainnet.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal