ClawHub
Back to skill

Security audit

Binance Pro 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This Binance skill is transparent about trading, but it gives an agent broad live financial trading authority without enough scoping or safeguards.

Install only if you are comfortable letting an agent access a Binance account. Use a dedicated restricted API key, prefer read-only or testnet credentials first, disable withdrawals, enable IP restrictions where possible, and require explicit human confirmation before every live order, leverage change, cancellation, or position close.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The description claims the skill can perform 'any Binance operation,' which is an overly broad capability statement for a high-risk financial integration. Broad invocation scope increases the chance of the agent being triggered for sensitive trading, transfers, or account actions without narrowly scoped user intent, making accidental or unsafe execution more likely.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill prominently advertises leveraged trading up to 125x and order execution without a strong upfront warning that these actions can rapidly and irreversibly lose funds. In the context of an agent skill that can place real exchange orders, this omission materially increases the risk of users invoking destructive financial actions without appreciating the consequences.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.