Critical · CVSS 9.8 · May 12, 2026 · Dragonmonk111 / JunoClaw

JunoClaw Agentic AI Toolchain

MCP Wallet Seed Exposure, Shell Command Injection, and SSRF in a Blockchain Agent Platform

JunoClaw disclosed four vulnerabilities in its agentic AI platform on Juno Network. The most critical: every MCP write tool accepted a raw BIP-39 mnemonic as an explicit tool-call parameter, embedding the wallet seed in LLM tool-call JSON and exposing it to any transport, log, or telemetry surface between the LLM provider and the MCP process. Compounding this, a shell plugin permitted command injection via metacharacter bypass, and the WAVS bridge allowed SSRF via unvalidated URL fetching. All issues are addressed in @junoclaw/cosmos-mcp version 0.3.0 and later.
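As an added illustration of the seed-in-parameters problem (example code, not JunoClaw's or the advisory's), the following JavaScript audits the tool list an MCP server returns for secret-bearing parameters such as the `mnemonic: string` the advisory describes, and redacts mnemonic-like values from tool-call arguments before they reach a log or telemetry sink. The tool names, schemas, the `signer` reference in the safe variant and the sample values are all constructed assumptions.

```javascript
// Added example, not JunoClaw's code: audit MCP tool schemas and tool-call
// arguments for wallet-seed material. Tool names, schemas and values are constructed.
// Parameter names that should never be supplied by the LLM in a tool call.
const SECRET_PARAM = /(mnemonic|seed|private[_-]?key|priv[_-]?key|passphrase)/i;

// Flag every tool whose inputSchema declares a secret-bearing parameter.
// `tools` has the shape of the `tools` array in an MCP `tools/list` response.
function auditToolSchemas(tools) {
  const findings = [];
  for (const tool of tools) {
    const props = (tool.inputSchema && tool.inputSchema.properties) || {};
    for (const name of Object.keys(props)) {
      if (SECRET_PARAM.test(name)) findings.push(`${tool.name}.${name}`);
    }
  }
  return findings;
}

// Heuristic: a BIP-39 mnemonic is 12, 15, 18, 21 or 24 lowercase words of 3-8
// letters. A strict check would also validate the wordlist and checksum.
function looksLikeMnemonic(value) {
  if (typeof value !== 'string') return false;
  const words = value.trim().split(/\s+/);
  return [12, 15, 18, 21, 24].includes(words.length) &&
    words.every(w => /^[a-z]{3,8}$/.test(w));
}

// Walk a tool-call argument object and replace mnemonic-like strings before
// the object reaches any log, trace or telemetry sink.
function redactToolCall(args) {
  let hits = 0;
  const walk = v => {
    if (looksLikeMnemonic(v)) { hits += 1; return '[REDACTED_MNEMONIC]'; }
    if (Array.isArray(v)) return v.map(walk);
    if (v && typeof v === 'object') {
      return Object.fromEntries(Object.entries(v).map(([k, x]) => [k, walk(x)]));
    }
    return v;
  };
  return { args: walk(args), hits };
}

// Constructed sample: the vulnerable shape (seed passed by the LLM) beside a
// safe shape, where `signer` names a key the MCP process holds itself.
const SAMPLE_TOOLS = [
  { name: 'send_tokens', inputSchema: { type: 'object', properties: {
      mnemonic: { type: 'string' }, to: { type: 'string' }, amount: { type: 'string' } } } },
  { name: 'send_tokens_safe', inputSchema: { type: 'object', properties: {
      signer: { type: 'string' }, to: { type: 'string' }, amount: { type: 'string' } } } },
];
```

Running `auditToolSchemas` against a server's `tools/list` output during review, and `redactToolCall` in the logging path, catches the pattern the advisory describes before the seed crosses the LLM boundary or lands in telemetry.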

4 CVEs · Max CVSS 9.8 · Wallet seed exposed · Status: Patched

"Every MCP write tool ... accepted mnemonic: string as an explicit tool-call parameter. The BIP-39 seed was consequently embedded in the LLM tool-call JSON, exposing it to any transport, log, or telemetry surface in the path between the LLM provider and the MCP process."

— GitHub Security Advisory GHSA-j75q-8xvm-6c48
