HL Privateer

Security checks across malware telemetry and agentic risk

Overview

This is a paid trading-signal API skill, but it also documents wallet-spending flows and command/admin controls for a trading system that should be reviewed before installation.

Install only if you intend to use a third-party paid trading-signal service. Use a dedicated low-balance wallet, never paste a real private key into prompts or source files, require explicit approval before signing payments or copying trades, and do not provide operator JWTs or login secrets unless you intentionally want the agent to control the trading desk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (12)

Description-Behavior Mismatch (High severity, 95% confidence)

The API documentation exposes powerful operator capabilities including login, command execution, risk configuration changes, replay/export, and other control-plane functions that go well beyond the skill's stated read-only trading-data purpose. This mismatch increases the chance that an agent integrator or downstream model will discover and invoke privileged endpoints, potentially enabling account takeover, trading disruption, or unsafe system changes if credentials or secrets are obtained or misconfigured.

Description-Behavior Mismatch (Medium severity, 91% confidence)

The agent-facing API includes command execution and tier-unlock operations that are not reflected in the skill description, which presents the integration primarily as data access and copy-trade visibility. Hidden or under-disclosed action-oriented endpoints are dangerous because autonomous agents may attempt to use them without appropriate human review, and tier escalation flows can expand privileges beyond what users expect.

Description-Behavior Mismatch (Medium severity, 89% confidence)

The WebSocket protocol documents command execution messages and execution-related event streams that exceed the apparent read-only scope of the skill. In an agentic environment, real-time command channels can be especially risky because they make it easier for automated clients to issue operational actions or react to sensitive execution telemetry without clear user awareness.

Missing User Warnings (Medium severity, 94% confidence)

The skill explicitly encourages copy-trading and signal-driven trading actions but does not warn that following these outputs can directly move user funds, create losses, or trigger leveraged trading risk. In a finance/trading context, omission of risk disclosures is materially dangerous because an agent or user may treat the outputs as safe operational instructions rather than speculative market guidance.

Vague Triggers (Medium severity, 89% confidence)

The manifest markets broad capabilities like following trades, integrating signals, and copy-trading without stating when the skill should be invoked, what user consent is required, or what boundaries apply. In an agent ecosystem, vague trigger language can cause over-invocation or inappropriate use in financially sensitive contexts, increasing the chance that an agent surfaces or acts on trading-related data when the user did not clearly request it.

Missing User Warnings (Medium severity, 93% confidence)

The skill prominently advertises copy-trading and trading signals but does not include any user-facing warning about financial risk, losses, delayed signals, or the consequences of mirroring positions. In this context, omission is dangerous because users or orchestrating agents may treat the skill as suitable for direct financial decision support without sufficient caution, which can lead to harmful or unauthorized account-impacting behavior.

Missing User Warnings (Medium severity, 87% confidence)

The documentation lists destructive operator commands such as /halt, /resume, and /flatten without prominent warnings about their real-world effect on a live trading system. In the context of an agent skill for trading infrastructure, undocumented destructive actions materially raise the risk of accidental service interruption, forced liquidation, or unauthorized strategy manipulation by users or LLM-driven agents.

Missing User Warnings (Medium severity, 84% confidence)

A live risk-configuration update endpoint is documented without warning that changing these parameters can immediately alter trading behavior and safety controls. In this skill's context, silent access to runtime risk tuning is dangerous because even small configuration changes can weaken guardrails, increase exposure, or bypass intended protections during active trading.

Missing User Warnings (Medium severity, 93% confidence)

The skill explicitly encourages copy-trading and signal mirroring but does not include any warning that trading can result in losses, liquidation, or unsuitable risk exposure for end users. In a finance/trading context, omission of material risk disclosures can mislead downstream agents or users into treating the outputs as safe or recommended actions.

Missing User Warnings (Medium severity, 95% confidence)

The payment quickstart shows live requests to a paid endpoint without an explicit warning that retries with a valid PAYMENT-SIGNATURE will spend real USDC. In a skill intended for agent use, users may copy examples directly and unintentionally authorize on-chain micropayments, making this more dangerous than a normal API tutorial because the payment flow is embedded into automation.

Missing User Warnings (Medium severity, 97% confidence)

The TypeScript example uses privateKeyToAccount("0x<your-private-key>") without any safety guidance, advice on secure secret handling, or warning against hardcoding secrets. Readers may paste real wallet keys into source files, shells, notebooks, or agent configs, creating a high risk of credential theft and irreversible fund loss, especially because the same key is used to authorize payments.

External Transmission (Medium severity, 85% confidence; category: Data Exfiltration)

Flagged content:

## Quick Start

1. Hit any agent endpoint: `GET https://api.hlprivateer.xyz/v1/agent/stream/snapshot`
2. Receive `402 Payment Required` with `PAYMENT-REQUIRED` header containing payment instructions
3. Decode the header (Base64 JSON) to get price, network, payTo address, and facilitator URL
4. Create and sign an x402 payment payload for the specified amount (USDC on Base)

Finding: https://api.hlprivateer.xyz/

VirusTotal

65/65 vendors flagged this skill as clean.