JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer, etc.) accepted 'mnemonic: string' as an explicit tool-call parameter. The BIP-39 seed was consequently embedded in the LLM tool-call JSON, exposing it to any transport, log, or telemetry surface in the path between the LLM provider and the MCP process. This vulnerability is fixed in 0.x.y-security-1.
Each MCP write tool (including send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer) accepted the parameter 'mnemonic: string' directly in the tool call. The BIP-39 seed was thus embedded in the LLM call JSON structure and reached every intermediate layer: network transport, application logs, telemetry systems, and potentially the LLM provider's infrastructure. The exposure encompasses multiple error classes: sensitive data disclosure (CWE-200), unencrypted data storage (CWE-312), improper credential protection (CWE-522), and logging of sensitive information (CWE-532).
An attacker or unauthorized person with access to logs, telemetry, or network traffic can take full control of the victim's cryptocurrency wallet — including executing arbitrary transactions, deploying contracts, and transferring funds without the owner's knowledge.
JunoClaw should be updated to version 0.x.y-security-1, where the issue has been fixed. Details are available in the official security advisory (GHSA-j75q-8xvm-6c48) and in the project's GitHub repository. Additionally, it is recommended to immediately rotate all BIP-39 mnemonics that may have been used with vulnerable versions of the platform, and to review logs and telemetry systems for potential leaks.
JunoClaw (agentic AI platform on Juno Network) in all versions before 0.x.y-security-1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H