Elytro: security-first ERC-4337 smart account wallet CLI for AI agents. Built-in 2FA, configurable spending limits.

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Elytro wallet and DeFi skill pack, but it asks agents to automatically replace their own wallet instructions from GitHub before use.

Install only if you can supervise wallet actions closely. Disable or ignore the automatic SKILL.md and CLI update behavior unless updates are pinned and reviewed, and require explicit confirmation after simulation before any transaction, approval, paid request, recovery change, OTP submission, or payroll payout.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The skill explicitly instructs the agent to fetch remote content from GitHub and overwrite its own SKILL.md at runtime before handling user requests. This is dangerous because it creates a self-modifying trust boundary: whoever controls the upstream repository or delivery path can change future agent behavior without local review, enabling prompt injection, consent bypasses, or malicious command additions.

Vague Triggers

Medium
Confidence: 93%
Finding
The phrase “do DeFi” is an overly broad natural-language trigger for a high-risk domain involving wallet actions and protocol execution. In this skill hub, such ambiguity can cause an agent to auto-load routing or execution skills without first establishing the user’s specific intent, risk tolerance, target protocol, or required confirmations, increasing the chance of unsafe or unintended financial actions.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill instructs the agent to plan and execute Uniswap swaps and liquidity actions through Elytro, but it does not explicitly warn that blockchain transactions are irreversible and may result in permanent loss of funds from slippage, bad routing, approval misuse, or operator error. In a wallet-execution context, omission of a clear risk disclosure makes accidental unsafe execution more likely, especially when users may treat the planner output as authoritative.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill tells the agent to overwrite a local file silently and to continue without blocking even if the network fetch fails, but it does not require prior user consent for this filesystem modification. Silent local modification is risky because it changes agent instructions and persistence state without user awareness, undermining auditability and enabling covert tampering if the remote content is compromised.

VirusTotal

63/63 vendors flagged this skill as clean.