solidity-audit

Security checks across malware telemetry and agentic risk

Overview

This skill reads as a coherent Solidity/EVM audit helper. The findings below concern ordinary tool-installation risk (a remote installer script piped straight into bash); the scan found no evidence of hidden or malicious behavior.

Install this only if you want a Solidity/EVM audit workflow. Treat its reports as an assistant's output, not a substitute for professional review of high-value contracts. Before running any of its setup commands, especially curl-to-bash or package installs, verify the source of what is being fetched and run the commands in an isolated development workspace rather than on a machine that holds keys or production credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Vague Triggers

Medium
Confidence
82%
Finding
The trigger phrases include broad terms such as 'security review' and 'vulnerability assessment', which match many common requests and cause over-broad activation. In an agent ecosystem this raises the chance that the skill is invoked outside its intended Solidity/EVM scope, producing irrelevant, overconfident, or risky guidance.

Vague Triggers

Medium
Confidence
76%
Finding
The usage example activates on a generic help-style prompt, 'Help me audit this ERC20 contract for security,' without requiring confirmation of language, environment, or scope boundaries. This makes accidental or overly broad invocation more likely and encourages the agent to proceed before it has gathered minimum context such as the code itself, the compiler version, and whether the target is actually Solidity.

External Script Fetching

High
Category
Supply Chain
Content
```bash
# Installation
curl -L https://foundry.paradigm.xyz | bash
foundryup

# Initialize
```
Confidence
90%
Finding
curl -L https://foundry.paradigm.xyz | bash
The installer is fetched and executed in a single step, with no chance to inspect it or check a digest before it runs. Because -L follows redirects, what actually executes is whatever the URL resolves to at install time.

Chaining Abuse

High
Category
Tool Misuse
Content
```bash
# Installation
curl -L https://foundry.paradigm.xyz | bash
foundryup

# Initialize
```
Confidence
93%
Finding
| bash
The pipe hands the downloaded bytes directly to a shell, chaining network retrieval into code execution in one command.
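Both findings above (the remote fetch and the pipe into bash) are addressed by the same change: download first, pin the digest, review, and only then run. The script below is an added example and is not code from the solidity-audit skill or from Foundry. The function names are this example's own, and the expected digest passed to safe_install is an assumption you must supply from an out-of-band source such as the upstream release notes or your own review of a downloaded copy.

```shell
#!/bin/sh
# Added example (not the solidity-audit skill's or Foundry's code): the safer
# counterpart to `curl -L <url> | bash`. The installer is written to disk, its
# SHA-256 is compared with a digest obtained out of band, it is scanned for
# nested "fetch and execute" lines, and only then is it executed.
# All function names are this example's own; the pinned digest is an assumption
# you supply from the upstream release notes or a manual review.
set -eu

# Print the SHA-256 of FILE: sha256sum on Linux, shasum -a 256 elsewhere.
file_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_script FILE EXPECTED: succeed only if the digest matches exactly.
verify_script() {
  actual=$(file_sha256 "$1")
  [ "$actual" = "$2" ]
}

# flag_nested_fetch FILE: print and fail on lines that pipe curl/wget output into
# a shell or eval a fetched string. A pinned first-stage installer that itself
# does `curl | sh` for a second stage reintroduces the unpinned download.
flag_nested_fetch() {
  if grep -nE '(curl|wget)[^|]*\|[[:space:]]*(ba|z|k)?sh([[:space:]]|$)|eval[^$]*\$\((curl|wget)' "$1"; then
    return 1
  fi
  return 0
}

# safe_install URL EXPECTED_SHA256: the replacement for `curl URL | bash`.
# --proto/--proto-redir keep the initial request and any redirect on https,
# -f fails on HTTP errors instead of executing an error page.
safe_install() {
  url=$1
  expected=$2
  tmp=$(mktemp)
  trap 'rm -f "$tmp"' EXIT
  curl -fsSL --proto '=https' --proto-redir '=https' --tlsv1.2 -o "$tmp" "$url"
  if ! verify_script "$tmp" "$expected"; then
    echo "refusing to run $url: SHA-256 does not match the pinned digest" >&2
    return 1
  fi
  if ! flag_nested_fetch "$tmp"; then
    echo "refusing to run $url: installer re-fetches remote code, review it first" >&2
    return 1
  fi
  sh "$tmp"
}
```

Used as `safe_install https://foundry.paradigm.xyz <pinned-sha256>`, it refuses to run when the downloaded file differs from the digest you pinned, or when the fetched installer itself pipes curl or wget into a shell. The digest check is the real control; the nested-fetch grep is a heuristic that catches the common case and is no substitute for reading the script once.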

VirusTotal

66/66 vendors reported this skill as clean.