ClawHub

Broadcast Sign Transfer

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says, but it can move real crypto funds and exposes sensitive signed transaction data in logs.

Review before installing. Use only a dedicated low-balance wallet, avoid storing private keys in shell startup files, remove or disable debug logging of signed transactions/request bodies, and require a separate human confirmation before every transfer.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill explicitly handles highly sensitive secrets from environment variables and performs network broadcasting of signed blockchain transactions, yet it does not declare permissions for env or network access. In this context, undeclared capabilities are dangerous because the skill can access a wallet private key and exfiltrate value on-chain or misuse API credentials without transparent consent boundaries.

Missing User Warnings

High
Confidence
99% confidence
Finding
The code prints the full signed transaction blob to stdout during native-asset transfers. A signed transaction is a bearer artifact: anyone who obtains it can rebroadcast it before or alongside the intended sender, leaking sensitive transfer details and enabling unauthorized propagation through logs, terminals, CI systems, or agent telemetry.

Missing User Warnings

High
Confidence
99% confidence
Finding
The token-transfer path also exposes the complete signed transaction to stdout. In this skill context, the code handles real wallet private keys and live transfers, so emitting signed payloads into logs materially increases the risk of transaction interception, replay-style rebroadcast, and privacy loss through shared logging infrastructure.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal