Hash Time Locked Contract

Security checks across malware telemetry and agentic risk

Overview

This skill is for crypto trading, but it can move real ETH with a private key and its trade flow exposes a secret that should be protected.

Only review or test this skill with a dedicated low-value wallet and funds you can afford to lose. Do not allow autonomous live trades, verify the contract and chain independently, require explicit approval for every transaction, and do not share an HTLC preimage unless you have confirmed it is the correct reveal step.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Intent-Code Divergence

High
Confidence: 98%
Finding
The advertised 'full trade workflow' is unsafe because it reveals the HTLC preimage during the trade flow, defeating the core security property of a hash time-locked contract. Anyone who sees stdout, logs, shell history, terminal recording, CI output, or shared session output can learn the secret and potentially front-run or otherwise interfere with settlement depending on contract semantics and trade coordination.

Vague Triggers

Medium
Confidence: 90%
Finding
The README tells agents to use the skill for broad categories like trading, escrowing payments, and "any peer-to-peer digital asset exchange" without clear preconditions, authorization boundaries, or transaction safety checks. In an autonomous agent context, this can cause unintended invocation for high-value on-chain actions, leading to irreversible asset transfers, misuse in unsupported scenarios, or execution without adequate human approval.

Missing User Warnings

Medium
Confidence: 95%
Finding
The README promotes autonomous NFT/inscription trading and ETH locking in an HTLC contract but omits prominent warnings about irreversible blockchain transactions, smart contract risk, counterparty fraud, chain misconfiguration, and loss of funds. Because the skill is aimed at AI agents acting autonomously, the absence of financial and operational risk disclosures makes unsafe deployment more likely and increases the chance of real monetary loss.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly instructs users to export a raw PRIVATE_KEY and connect to a mainnet RPC for live trading, but it does not warn about key exposure risks, wallet compartmentalization, transaction review, or the irreversible nature of on-chain asset transfers. In the context of HTLC/NFT trading on production EVM chains, this omission increases the chance that a user will use a high-value key or perform real transactions without understanding the consequences.

Missing User Warnings

High
Confidence: 99%
Finding
The script prints the secret preimage directly to stdout and then instructs the user to 'Share with seller', which operationally exposes the claim secret to anyone with access to terminal output or the recipient. In HTLC-style flows, premature disclosure of the secret can allow unauthorized claiming/front-running or invalidate the intended escrow/trade guarantees, making loss of funds or trade manipulation plausible.

VirusTotal

66/66 vendors flagged this skill as clean.
