Vyper

Security checks across malware telemetry and agentic risk

Overview

The skill does not appear to perform harmful system actions, but it is marketed as a Vyper blockchain reference while mostly providing generic finance and operations boilerplate.

Review before installing. This skill shows no evidence of exfiltration, persistence, or destructive behavior, but users should not rely on it for Vyper or smart-contract work unless the publisher updates the content to match the advertised purpose or renames the skill to reflect its actual generic reference scope.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Tp4

High
Category
MCP Tool Poisoning
Confidence
77% confidence
Finding
The skill is presented as a Vyper blockchain reference tool, but the documented functionality is generic finance/compliance content and does not clearly align with that purpose. This kind of mislabeling can mislead an agent into invoking the wrong skill in sensitive blockchain workflows, increasing the chance of incorrect guidance, unsafe decisions, or trust in irrelevant output.

Description-Behavior Mismatch

High
Confidence
94% confidence
Finding
The documentation claims Vyper-specific blockchain support, but the commands cover broad topics like regulations, instruments, strategies, and glossary material that are not specific to Vyper. In an agent ecosystem, this discrepancy is dangerous because routing and trust are often based on skill metadata, so a mislabeled skill can inject irrelevant or misleading financial/compliance advice into technical smart-contract tasks.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The 'When to Use' section promises Vyper-specific reference and troubleshooting, but the listed commands imply a different domain entirely. This contradiction makes the skill more dangerous in context because blockchain and smart-contract workflows are high-stakes; users or agents may rely on the skill expecting secure language-specific guidance and instead receive generic finance material.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill is presented as a Vyper blockchain reference tool, but the exposed commands and content are generic finance, compliance, and risk boilerplate rather than Vyper-specific guidance. This mismatch can mislead users or downstream agents into trusting irrelevant output for blockchain development tasks, causing unsafe decisions, incorrect code assistance, or compliance mistakes in a security-sensitive context.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The script header and help text claim a Vyper blockchain reference tool, but the actual outputs are unrelated operational and financial content. In an agent skill ecosystem, deceptive or inaccurate capability claims are dangerous because they can route users or autonomous systems to the wrong tool and produce authoritative-looking but incorrect guidance in a domain where security and correctness matter.

VirusTotal

66/66 vendors flagged this skill as clean.