Maestro Sdk

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent as a Maestro Solana vault assistant, but it gives the agent broad financial authority with automatic key setup, persistent state, and transfer paths that need tighter user confirmation.

Review carefully before using with any funds. Use a dedicated limited wallet/session key, enforce strict Maestro vault policies, inspect the SDK package, and require explicit confirmation before every transfer or swap. Treat MEMORY.md and the memory logs as sensitive operational state, and clear or re-verify them when vault ownership or session keys change.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The trigger phrase "vault questions" is underspecified and can cause the skill to activate on loosely related conversation, leading to unsolicited vault discovery, health checks, or operational guidance. In a wallet-management skill, ambiguous activation increases the chance of unintended sensitive actions or stateful behavior in response to ordinary chat.

Vague Triggers

Severity: Medium
Confidence: 95%
Finding
The category "Money/payment/balance" is extremely broad and likely to overlap with common conversational language, which can trigger vault discovery and transfer flows when the user did not intend to initiate financial operations. Because this skill controls a Solana vault and maps broad language directly to transaction execution paths, accidental activation could result in unauthorized or unintended transfer attempts.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
Automatically generating or loading a private key and writing persistent state on skill load causes security-sensitive side effects before the user has granted informed consent. This creates risk of unapproved credential creation, filesystem modification, and persistence of wallet metadata, which is especially dangerous in a skill designed to control real vault funds.

Missing User Warnings

Severity: Low
Confidence: 82%
Finding
Immediately disclosing the agent pubkey on load is a lower-severity issue, but it still exposes operational wallet metadata without user request or contextual warning. In combination with auto-init and persistence, this can leak identifying information, encourage premature funding, and normalize unsolicited operational prompts for a finance-related agent.

VirusTotal

66/66 vendors flagged this skill as clean.
