Cex

Security checks across malware telemetry and agentic risk

Overview

This skill is labeled as CEX/blockchain security analysis, but it actually works as a persistent local entry tracker with delete, export, and config-writing commands.

Install only if you intentionally want a simple local entry tracker, not a CEX or protocol-security analysis tool. Avoid storing secrets, account details, trading records, or sensitive investigation notes in it, and review ~/.cex plus any cex-export files if you use or remove it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Intent-Code Divergence

High
97% confidence
Finding
The documentation claims blockchain/CEX analysis, but the listed commands are plainly generic CRUD and local file-management operations. In an agent setting, deceptive or inaccurate interface descriptions are dangerous because tool selection may rely on metadata and docs, causing a security-sensitive environment to execute unintended local state changes under false pretenses.

Description-Behavior Mismatch

High
96% confidence
Finding
The manifest description and the body of the skill do not match, which undermines trust boundaries and safe tool routing. In systems where agents choose tools based on manifest metadata, this can cause an apparently analytical skill to perform persistent storage, export, and deletion actions on the local machine instead.

Description-Behavior Mismatch

High
97% confidence
Finding
The advertised purpose of the skill is security and CEX-analysis assistance, but the implementation is an unrelated local note/config store. That mismatch is dangerous because users may grant trust, provide sensitive operational data, or invoke the tool in security workflows under false assumptions about what it actually does.

Context-Inappropriate Capability

Medium
93% confidence
Finding
The script provides generic export and config-writing capabilities that are not justified by the stated analytical use case. Unnecessary stateful features expand the attack surface, create opportunities for unintended data retention or tampering, and make the skill capable of actions users would not reasonably expect from a read-only analysis helper.

Intent-Code Divergence

High
98% confidence
Finding
The top-level documentation claims analytical and protocol-security functionality that the code does not provide. In a security context, deceptive capability claims are especially risky because they can cause users to rely on nonexistent analysis, mishandle sensitive data, or misclassify the tool as trustworthy.

Intent-Code Divergence

High
98% confidence
Finding
The help text continues to promise CEX analysis while exposing only CRUD-style local entry management commands. This can mislead operators during security work, increasing the chance of improper trust and disclosure of sensitive information to a tool that merely persists it locally.

Missing User Warnings

Medium
88% confidence
Finding
The docs advertise remove and export operations without warning about destructive effects, overwrite behavior, or where data is written. In practice, this increases the likelihood of accidental data loss or unintended exfiltration of locally stored content, especially when an agent or user assumes the skill is only informational.

Missing User Warnings

Medium
95% confidence
Finding
The skill description gives no upfront warning that data will be persisted under a local directory, despite the script writing entries by default. Silent persistence is dangerous because users may input secrets, operational notes, or investigative data assuming the tool is transient, leaving sensitive artifacts on disk.

Missing User Warnings

Medium
94% confidence
Finding
Configuration values are written to disk without any clear warning to the user, which can unintentionally persist secrets or environment-specific settings. Because the skill masquerades as an analysis tool, users are less likely to expect durable config state, making accidental leakage or stale configuration issues more likely.

VirusTotal

64/64 vendors flagged this skill as clean.
