binance square 币安广场

Security checks across malware telemetry and agentic risk

Overview

This skill matches its stated purpose, but it can publish publicly and tells the agent to persist a Binance posting key in the skill file.

Review before installing. Use only a dedicated least-privilege Binance Square posting key, not any trading or withdrawal-capable credential. Require confirmation of the exact final public post, and do not allow the agent to save the key in SKILL.md or any prompt file; use a proper secret manager or environment variable instead.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger examples are broad natural-language phrases like 'post to square' and '帮我发一条…', which can overlap with ordinary conversation and cause unintended skill activation. In a skill that publishes user content externally, accidental triggering can lead to unintended public posts, privacy leakage, or reputational harm, especially if the agent auto-optimizes and proceeds toward posting.

Missing User Warnings

Medium
Confidence: 90%
Finding
The README instructs users to provide an API key and states that it will be stored for future use, but it does not clearly explain where the credential is stored, how it is protected, whether it is encrypted, or what exposure risks exist in an agent environment. In a skill that posts to a financial platform, normalizing long-term storage of a user credential without explicit security guidance increases the chance of credential misuse, leakage, or over-privileged key retention.

Vague Triggers

Medium
Confidence: 93%
Finding
The skill is configured to auto-run on broad phrases like 'post to square' and 'square post' without any explicit confirmation gate in the trigger definition. Because this skill publishes content to an external public platform, loose activation increases the risk of accidental posting or prompt-injection-style coercion causing unintended public disclosure.

Missing User Warnings

Medium
Confidence: 90%
Finding
The overview says only 'Post text content to Binance Square' and does not prominently warn that content will be sent to an external third-party service and made publicly visible. In an agent context, insufficient disclosure can mislead users and increase the chance that sensitive, private, or draft content is published externally without informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.
