Suspicious — Risk Score 45/100
authenticate-wallet
Authenticate to AgnicPay wallet using browser OAuth or non-browser API token mode
The skill relies on unversioned npx execution of external npm package with wildcard arguments, posing significant supply chain risk.
Skill Name: authenticate-wallet
Duration: 35.0s
Engine: pi
Use with caution
Pin the npm package to a specific version hash and restrict allowed-tools to documented subcommands only.

Attack Chain 3 steps

Escalation Attacker typosquats or compromises 'agnic' npm package
SKILL.md:8
Escalation Skill executes arbitrary code via 'npx agnic@latest *' when user invokes
SKILL.md:8
Impact Malicious package executes code with same shell:WRITE privileges
SKILL.md:8

Findings 3 items

Severity Finding Location
High
Unversioned npm package execution Supply Chain
The skill uses 'npx agnic@latest' which pulls from npm registry without version pinning. An attacker who compromises the 'agnic' package name (typosquatting, account takeover) could execute arbitrary code.
allowed-tools: ["Bash(npx agnic@latest *)"]
→ Pin to a specific version or commit hash, e.g., 'npx agnic@<version>', or verify package integrity with an integrity hash
SKILL.md:8
Medium
Wildcard allows undocumented subcommands Doc Mismatch
The '*' in allowed-tools permits any agnic command, not just the documented auth/status/logout. The skill could silently execute other agnic subcommands not listed in documentation.
Bash(npx agnic@latest *)
→ Restrict to specific subcommands: 'Bash(npx agnic@latest auth login;npx agnic@latest status --json;npx agnic@latest auth logout)'
SKILL.md:8
Low
Token visible in command line Credential Theft
Passing --token as a command-line argument exposes the credential in process list and shell history.
npx agnic@latest --token <agnic_token>
→ Prefer environment variable AGNIC_TOKEN which is less exposed, or document this risk explicitly
SKILL.md:11
Resource | Declared | Inferred | Status | Evidence
Shell | WRITE | WRITE | ✓ Aligned | allowed-tools declares Bash(npx agnic@latest *)

File Tree

1 file · 1.5 KB · 62 lines
Markdown 1f · 62L
└─ 📝 SKILL.md Markdown 62L · 1.5 KB

Dependencies 1 item

Package | Version | Source | Known Vulns | Notes
agnic | @latest | npm | No | No version pinned; arbitrary code execution possible if package compromised

Security Positives

✓ Skill is simple with minimal attack surface
✓ No hidden functionality detected
✓ No direct access to sensitive files (~/.ssh, ~/.aws, etc.)
✓ No base64 or obfuscated code
✓ No credential exfiltration observed