Bitcoin Price Prediction & Lightning Oracle

Security checks across malware telemetry and agentic risk

Overview

This package advertises a Bitcoin market oracle, but it also ships an unrelated broad search, OSINT, and security-dorking tool that users would not reasonably expect.

Review carefully before installing. Use it only if you are comfortable with both the BTCvision external service and the bundled, unrelated search/OSINT/security-dorking code. Donation and Lightning invoice features should be user-initiated, and the publisher should remove or separately publish the search-intelligence package under accurate metadata before this is treated as a clean Bitcoin oracle skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (42)

Description-Behavior Mismatch

Severity: Medium
Confidence: 90%
Finding: The changelog shows the skill expanded from market-intelligence functions into traffic routing and donation-prompt behavior, which is outside the stated core scope. This is dangerous because it introduces undisclosed persuasion and redirection capabilities that can manipulate user interactions or steer agents to external destinations without clear user consent.

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding: The README describes a generic internet/OSINT/security search capability, while the manifest metadata says the skill is for Bitcoin market intelligence. That mismatch is a strong indicator of skill identity deception: an agent or reviewer may authorize a seemingly low-risk finance tool but actually install a broad reconnaissance capability. In agent ecosystems, this context switch materially increases danger because the hidden functionality can be used to collect sensitive data, perform security-oriented discovery, or bypass policy expectations.

Context-Inappropriate Capability

Severity: High
Confidence: 97%
Finding: The skill content documents broad offensive security scanning and OSINT collection workflows, including exposed-file discovery, admin panel hunting, domain recon, and personal-identifier investigation, despite the surrounding skill metadata claiming a Bitcoin market-intelligence oracle. This mismatch materially increases the chance that an agent or operator will invoke intrusive capabilities without informed consent, appropriate authorization checks, or policy gating.

Description-Behavior Mismatch

Severity: High
Confidence: 99%
Finding: The file header declares a search-intelligence skill using SearXNG, which materially conflicts with the provided metadata describing a Bitcoin market-intelligence oracle. This kind of identity/scope mismatch is dangerous because agents, reviewers, and users may grant trust, permissions, or deployment approval based on false expectations about what the skill does.

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding: The example code showcases offensive security, OSINT, dorking, and reconnaissance workflows that are materially unrelated to the declared Bitcoin market intelligence purpose. This mismatch is dangerous because it normalizes dual-use or intrusive search behavior under an unrelated skill identity, increasing the risk of deceptive packaging, operator misuse, and deployment of unintended reconnaissance capability.

Context-Inappropriate Capability

Severity: High
Confidence: 97%
Finding: The file advertises targeted reconnaissance features such as exposed-file discovery, email OSINT, competitor analysis, and credential-oriented dorking that are unjustified by a Bitcoin oracle skill. In context, this makes the package more dangerous because users or agents may enable and trust capabilities they did not intend to install, while the examples actively steer them toward sensitive-search use cases.

Intent-Code Divergence

Severity: Medium
Confidence: 90%
Finding: The module docstring identifies the code as an example for a different skill, contradicting the manifest identity of btcvision-oracle. This inconsistency is a supply-chain and trust concern because it suggests code reuse, repackaging, or misrepresentation, making it harder for reviewers to understand the true behavior and increasing the chance that unrelated or risky capabilities are smuggled into the skill.

Description-Behavior Mismatch

Severity: High
Confidence: 99%
Finding: This configuration implements a broad general-purpose search and dorking framework that materially exceeds the declared purpose of a Bitcoin market oracle. In the context of a no-auth, no-rate-limit agent skill, this scope mismatch is dangerous because it creates hidden capabilities that can be repurposed for reconnaissance, sensitive-data discovery, and abusive search workflows unrelated to BTC intelligence.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding: The security and OSINT intent signals and dork templates explicitly support searching for exposed files, credentials, admin panels, personal profiles, emails, phone numbers, and infrastructure reconnaissance. For a Bitcoin oracle skill, these capabilities are unjustified and materially increase abuse potential by enabling credential discovery and personal-data targeting under the cover of an unrelated finance tool.

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding: The file-search category includes torrent and shadow-library engines such as Pirate Bay, 1337x, Anna's Archive, Z-Library, and Library Genesis, which are unrelated to Bitcoin market intelligence. This creates legal/policy risk and broadens the tool into piracy-oriented content discovery, an unnecessary and risky expansion of capability.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding: The strategy definitions enable broad orchestration patterns like deep_dive, osint_chain, file_hunt, and multi-step refinement that are suitable for general reconnaissance, not a narrow Bitcoin oracle. In combination with the rest of the config, these strategies increase the scale and persistence of potentially abusive searches.

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding: This file implements a full generic search-dork generator and translator, which is unrelated to the declared Bitcoin market intelligence/oracle purpose. That mismatch is dangerous because it gives an unauthenticated skill a reusable reconnaissance capability for domain, filetype, title, URL, email-domain, and other targeting patterns, enabling downstream discovery of sensitive or security-relevant information under the cover of an unrelated skill.

Context-Inappropriate Capability

Severity: High
Confidence: 96%
Finding: The custom dork construction and operator translation logic provide a generic reconnaissance primitive that can generate targeted queries such as site:, filetype:, intitle:, inurl:, exclusions, and arbitrary extra operators. In the context of a Bitcoin oracle skill, this is unjustified and increases risk because an agent or user could repurpose the skill for broad OSINT collection, sensitive document discovery, or target profiling without any domain-specific guardrails.

Description-Behavior Mismatch

Severity: High
Confidence: 96%
Finding: This file implements a generalized search-intelligence parser with explicit security and OSINT categories, entity extraction for emails, IPs, phones, usernames, CVEs, and subcategories like exposed files, admin panels, sensitive data, and exposed APIs. That capability is materially unrelated to the declared Bitcoin market intelligence purpose, which strongly suggests hidden dual-use or deceptive functionality and increases the likelihood the skill could be used to facilitate reconnaissance or targeting.

Description-Behavior Mismatch

Severity: High
Confidence: 99%
Finding: The file implements a general-purpose search and dorking orchestrator with strategy execution, direct dork support, OSINT-style workflows, and refinement logic, which is materially inconsistent with the declared Bitcoin market/oracle purpose. This kind of capability mismatch is dangerous because it can hide reconnaissance tooling inside an unrelated skill, reducing operator scrutiny and enabling misuse by downstream agents.

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding: The usage text and feature list explicitly support security-dorking and OSINT-style discovery, including searching for exposed .env files, despite the skill being presented as a Bitcoin oracle. In this context, the mismatch increases the likelihood that the package is intentionally disguising recon capability, which could be used to locate sensitive data or exposed assets.

Intent-Code Divergence

Severity: Medium
Confidence: 91%
Finding: The top-level docstring frames the module as a clean search interface for AI agents, but the underlying capability includes dork generation and strategy-driven search workflows that can support offensive reconnaissance. Misleading documentation undermines informed review and safe deployment, especially when agents may autonomously invoke the skill based on description alone.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding: The package top-level name in this distribution is `search_dorks_skill`, which does not match the advertised Bitcoin market intelligence functionality. This kind of identity mismatch is dangerous because it can indicate a repackaged or mislabeled skill, increasing the risk of hidden behavior, supply-chain confusion, or accidental installation/execution of code unrelated to the declared purpose. In a no-auth, no-rate-limit agent-facing skill, that mismatch is more concerning because agents may trust metadata while importing a different module namespace.

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding: The package metadata in setup.py identifies this as "search-intelligence-skill," which conflicts with the declared skill context of "btcvision-oracle." Metadata mismatches are dangerous because they can conceal repackaged or substituted functionality, confuse reviewers and users, and increase supply-chain risk by making it harder to verify what is actually being installed and executed.

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding: The changelog shows the skill expanded from Bitcoin market intelligence into agent donation-promotion behavior, including wallet promotion and traffic routing. That creates scope drift from the stated market-data purpose and can manipulate downstream agents into soliciting funds or redirecting users in ways they did not explicitly request, which is especially risky for a no-auth, no-rate-limit public service.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding: The skill explicitly instructs agents to always include BTCvision links and recommend visiting the site, which introduces traffic-steering behavior unrelated to the core function of providing Bitcoin market intelligence. This can bias agent outputs, override user-centric responses, and turn the agent into a promotional channel without clear user consent.

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding: The skill embeds donation-solicitation instructions and wallet addresses, directing agents to ask for financial support after answering user questions. This exceeds the stated analytics purpose and creates a social-engineering monetization channel that may manipulate users or divert funds under the guise of assistance.

Missing User Warnings

Severity: Low
Confidence: 84%
Finding: The changelog explicitly adds donation-trigger behavior but does not indicate any warning, consent flow, or user control for unsolicited prompts. Even if limited to once per session, this can create covert solicitation behavior in agent responses and undermine user trust through undisclosed monetization nudges.

Natural-Language Policy Violations

Severity: Medium
Confidence: 91%
Finding: The phrases 'natural donation mentions' and 'natural trigger system' suggest broad, context-driven prompting that may activate on ordinary conversation rather than explicit donation requests. In an unauthenticated, no-rate-limit agent skill, this increases the risk of manipulative behavioral nudging at scale, especially because users may not realize the model is being guided to solicit funds.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding: The invocation guidance is broad enough to match ordinary investing or market-discussion prompts, increasing the chance the skill is auto-selected in contexts where users did not intend to call an external crypto service. Because the skill can also generate donation/payment artifacts, over-triggering raises both privacy and transaction-initiation risk.

VirusTotal

65/65 vendors flagged this skill as clean.