Oathe Security Badge

Is adacapo21/cardano-staking safe?

https://clawhub.ai/adacapo21/cardano-staking

87
SAFE

This Cardano staking skill appears to be a legitimate utility for checking delegation status and rewards, with clean code and no malicious behavior detected. However, it requires access to the user's seed phrase, which provides complete control over their cryptocurrency wallet and creates significant financial risk.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 70/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 85/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 60/100 · 5%

Findings (3)

HIGH Requires Cryptocurrency Seed Phrase Access -30

The skill requires access to SEED_PHRASE environment variable, which provides complete control over the user's cryptocurrency wallet. This creates significant financial risk as seed phrases can be used to transfer all funds.

MEDIUM High-Value Target for Attack Chains -40

While the skill itself appears benign, its access to seed phrases makes it a valuable target for attack chains with other skills that have network capabilities. An attacker could potentially combine this with network-enabled skills to exfiltrate wallet credentials.

LOW External Network Connections During Install -15

The skill installation process made connections to external hosts, which is normal for downloading from the ClawHub registry but represents potential attack surface.