Monero Wallet

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate Monero wallet skill, but it gives an agent under-scoped authority to spend real cryptocurrency without requiring explicit approval for each payment.

Install only if you intend to let an agent operate a Monero wallet gateway. Require manual approval for every transfer and XMR402 payment, verify recipient, amount, and site, keep gateway spending limits low, protect AGENT_API_KEY, and use the Docker gateway only from a trusted source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 89%
Finding:
The skill clearly requires sensitive capabilities (`AGENT_API_KEY` environment access and network interactions) but does not declare explicit permissions, which weakens platform-level review and user awareness. In a wallet/payment skill, hidden or undeclared capabilities are more dangerous because they can enable secret-bearing requests and fund-moving actions without clear upfront scrutiny.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 93%
Finding:
The description says the skill manages Monero wallets, but the body also instructs automatic XMR402 paywall handling and repeated interactions with a hardcoded local gateway. That mismatch matters because users may authorize a wallet-management skill without realizing it is also designed to spend funds on external 402 challenges, increasing the chance of unintended payment behavior.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The transfer instructions enable sending XMR but do not require an explicit user confirmation step immediately before spending funds. In a cryptocurrency wallet context, omission of a confirmation safeguard can directly lead to irreversible financial loss from prompt injection, operator error, or mistaken destination/amount.

Missing User Warnings

Severity: High
Confidence: 98%
Finding:
The XMR402 section says the agent 'MUST' pay a 402 challenge, which normalizes autonomous spending without a clear warning that real funds will be spent. Because 402 challenges can originate from external services, this creates a realistic path for untrusted endpoints or injected content to trigger unauthorized or unnecessary payments.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The script exposes fund-moving operations (`transfer` and `pay_402`) that execute immediately with no user confirmation, policy gate, destination allowlist, or sanity checks. In an agent-skill context, this increases the chance that prompt injection, accidental invocation, or malformed upstream inputs can trigger irreversible Monero transfers without an explicit user approval step.

VirusTotal

66/66 vendors flagged this skill as clean.