crypto-research

Security checks across malware telemetry and agentic risk

Overview

The skill’s crypto research behavior is mostly coherent, but it publishes a third-party API key and leaves external monitoring/data-use boundaries too unclear for automatic approval.

Review before installing. The Binance helper scripts are read-only and purpose-aligned, but the ARKM API key should be treated as exposed: revoke and rotate it, remove it from the skill, and use a user-provided scoped secret if ARKM access is needed. Do not allow unattended monitoring or trading decisions unless you explicitly approve the scope and external data use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill instructs the agent to run shell commands (curl) but does not declare permissions or execution boundaries. This creates a capability mismatch that can lead to unexpected command execution paths, reduced auditability, and unsafe expansion of the skill’s effective privileges.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The manifest embeds a specific ARKM API key directly in documentation, exposing a reusable credential to anyone who can read, copy, or redistribute the skill. Hardcoded secrets are easily leaked through version control, logs, and downstream packaging, enabling unauthorized API use and possible account abuse.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger conditions are broad, including generic analysis and monitoring scenarios, which can cause the skill to activate in situations the user did not clearly intend. Overbroad invocation increases the chance of unnecessary external calls, unintended monitoring behavior, and disclosure of user context to third-party services.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill directs use of multiple external services and monitoring functions but does not clearly disclose that data may be transmitted to third parties. Users may unknowingly trigger network requests or ongoing monitoring workflows, creating privacy, compliance, and consent risks.

Ssd 3

High
Confidence
99% confidence
Finding
A hardcoded API key in the skill file is a direct credential exposure. In this context, the skill is designed for routine sharing and operational use, so the secret is especially likely to be propagated broadly, abused for unauthorized access, or harvested automatically by scanners.

VirusTotal

64/64 vendors flagged this skill as clean.
