ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Base Network OSINT

v1.0.0

Kybera wallet control and token research assistant

0· 156·0 current·0 all-time
byXipz@xipzer
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (Kybera wallet / token research) align with the instructions to perform token/identity research and wallet operations. However the SKILL.md also directs the agent to fetch live data from multiple third‑party services (GoPlus, Arkham) but declares no required credentials or environment variables — a mismatch between capabilities the skill expects and what it declares. The skill also instructs writing a cached copy to ~/.openclaw/skills/kybera.md, which is not implied by the description.
!
Instruction Scope
The SKILL.md directs the agent to: (a) cache a copy of itself to the user's home (~/.openclaw/skills/kybera.md), (b) fetch an updated SKILL.md from https://app.kybera.xyz and overwrite the cached file when asked, and (c) always fetch fresh live data from many external sources (GoPlus, Arkham, social platforms, ENS resolution, wallet histories). The automatic remote fetch + overwrite behavior effectively allows remote replacement of runtime instructions (supply‑chain risk). The file also contains a detected unicode-control-chars injection pattern indicative of prompt‑injection attempts.
Install Mechanism
There is no formal install spec or package install — lowest technical installation risk. However, the skill's own instructions implement a lightweight install/update mechanism (download SKILL.md from https://app.kybera.xyz and write to ~/.openclaw/skills/kybera.md). That download/overwrite step is effectively installing remote code (instructions) at runtime and is a higher‑risk behavior than a purely instruction‑only, non‑persisting skill.
!
Credentials
The SKILL.md expects use of third‑party intelligence providers (GoPlus, Arkham) and platform APIs (ENS, X/Twitter, GitHub, Farcaster) but the skill declares no required environment variables, API keys, or credentials. This mismatch is problematic: either the agent is expected to have preconfigured credentials (not declared), or the skill will attempt unauthenticated web scraping. Either case is disproportionate to what's declared and increases risk (missing transparency about required secrets).
Persistence & Privilege
always is false and the skill is user‑invocable (normal). But the SKILL.md instructs writing a persistent file under ~/.openclaw/skills and replacing it via remote fetch on update — persistent presence and remote update ability create supply‑chain concerns. The skill does not request elevated system privileges, but it does modify the agent's local skill cache.
Scan Findings in Context
[unicode-control-chars] unexpected: The scanner found unicode control characters in the SKILL.md. These are not needed for token research and often appear in prompt‑injection attempts to hide or manipulate content. Combined with the remote update behavior, this increases the risk that the skill may try to alter agent behavior or conceal malicious instructions.
What to consider before installing
What to consider before installing: - Supply‑chain risk: The skill instructs the agent to download and overwrite its cached SKILL.md from https://app.kybera.xyz. That means the skill's behavior can change later without an explicit new package install. Only allow this if you trust the remote domain and its operator. - Missing credential disclosure: The instructions rely on third‑party services (GoPlus, Arkham, ENS, social platforms) but the skill declares no required API keys or environment variables. Ask the publisher which credentials are required and where they will be used. Do not provide sensitive API keys unless you understand and trust how they’re used. - Local persistence: The skill writes to ~/.openclaw/skills/kybera.md. If you install it, inspect that file and any remote SKILL.md before allowing updates. Prefer manual approval for updates rather than auto‑overwrite. - Prompt‑injection indicator: The SKILL.md contains unicode control characters flagged by the scanner. Treat this as suspicious; request a clean, canonical copy of the skill content and verify it matches the hosted file. - Safety steps: If you proceed, run it in a restricted environment (no access to high‑privilege secrets), disable autonomous network access if possible, and require explicit user confirmation before performing any write/update operations. Alternatively, ask the skill author to provide a version that does not auto‑fetch/overwrite local files and that declares all required credentials. What would change my assessment: proof that the remote SKILL.md is signed and verifiable, a publisher identity tied to the kybera.xyz domain, explicit declaration of required API keys and their minimal scope, and removal/clarification of the unicode control characters. If those are provided, the supply‑chain and injection concerns would be reduced.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dnddg7f80hsvegffmhd1tvx82z1ch

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments