Clawtrade Bnb

Security checks across malware telemetry and agentic risk

Overview

This skill is a real crypto-trading tool that can move funds, but its safety controls and documentation do not reliably match what the code actually enforces.

Only install or run this with a dedicated testnet wallet or a wallet containing funds you are prepared to risk. Do not rely on the advertised pause, suggest-only, or dashboard controls until the code enforces them, and avoid mainnet use without an audit, explicit transaction limits, authenticated local APIs, and a safer key-management approach such as a hardware wallet or restricted signer.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (118)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documentation describes use of environment variables for private keys and network/RPC access, but the metadata shown in this file does not declare corresponding permissions. For an autonomous trading agent that can switch to mainnet and execute transactions, undeclared env and network capabilities reduce transparency and informed consent, increasing the chance that users run code with fund-moving access they did not explicitly approve.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The stated description understates the full operational scope: the file indicates contract deployment, local HTTP/dashboard serving, possible notifications/integrations, and direct on-chain execution affecting real assets. Description-behavior mismatch is dangerous here because users may install a 'trading agent' without realizing it also exposes services, manages contracts, and can perform live mainnet actions, which materially changes the risk profile.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The completion report identifies the artifact as 'yield-farming-agent' while the declared skill is 'clawtrade-bnb'. This kind of identity mismatch undermines provenance and trust, and can mislead reviewers or operators into deploying a skill whose documented behavior does not match what they intended to install.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The document describes a deterministic yield-farming optimizer, but the skill metadata claims an autonomous multi-strategy BNB trading agent with network switching and reinforcement learning. This discrepancy can conceal missing features, substituted logic, or repurposed code, causing users to rely on capabilities or safety properties that do not actually exist.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The publication and installation instructions refer to different names and paths such as YieldVault/yield-farming-agent versus the declared clawtrade-bnb skill. In a security-sensitive DeFi context, identity mismatches can mislead users into publishing, installing, or reviewing the wrong package, increasing the risk of deploying unintended code or trusting the wrong artifact.

Description-Behavior Mismatch

Medium
Confidence
99% confidence
Finding
The file describes a YieldVault yield-farming agent, while the provided skill metadata says this is clawtrade-bnb, an autonomous BNB trading agent. This whole-file mismatch is a serious trust and supply-chain problem because users may assess one behavior while installing another, especially when the documentation promotes autonomous on-chain execution and private-key use.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The manifest materially misrepresents the skill’s capabilities by advertising an autonomous DeFi trading agent with network switching and reinforcement learning, while the described files only support a deterministic yield-farming decision engine. In a financial automation context, this can cause operators to overtrust the system, deploy it under false assumptions, and skip controls they would otherwise require for a simpler off-chain component.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The manifest suggests deployment and on-chain integration readiness even though the described implementation is only an off-chain engine plus documentation and examples. This can mislead users into treating design docs or stubs as production controls, increasing the risk of unsafe integration into real fund-handling workflows.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The file documents a 'Yield Farming Agent' while the declared skill is an autonomous BNB-chain trading agent, creating a material identity and scope mismatch. In an autonomous finance context, this can mislead operators, auditors, and users about what code paths, strategies, and risks are actually present, increasing the chance of unsafe deployment, incorrect approvals, or review bypass.

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The checklist states the core engine is deterministic, while the manifest claims reinforced learning, which indicates conflicting descriptions of decision logic. For a financial agent, this inconsistency undermines risk assessment, testing methodology, and control design because deterministic systems and adaptive learning systems require very different safeguards, monitoring, and approval expectations.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The integration guide is materially inconsistent with the skill metadata: it documents a yield-farming automation flow rather than the declared multi-strategy DeFi trading agent. In a financial automation context, this mismatch can cause operators to deploy the wrong contracts, permissions, and monitoring assumptions, leading to misconfiguration and unsafe handling of real funds.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The guide claims cryptographic auditability and on-chain hash verification, but the sample code is internally inconsistent: Solidity uses bytes32 comparisons while the structs define hashes as string, and the provided verification function only checks for nonzero storage rather than recomputing and validating integrity. This can give users a false sense of tamper-resistance while allowing malformed or unauditable execution records to be accepted or unverifiable in production.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The file documents a yield-farming agent, while the declared skill is an autonomous DeFi trading agent for BNB Chain. This mismatch can cause operators, reviewers, or downstream automation to misunderstand what code is being deployed and what on-chain behaviors are expected, increasing the chance of unsafe execution or incomplete review of fund-affecting functionality.

Intent-Code Divergence

Low
Confidence
80% confidence
Finding
The guide claims deterministic decision output, but the example injects placeholder APR, fees, risk scores, and TVL estimates rather than sourcing validated live inputs. This can mislead users into trusting reproducibility or auditability claims when actual decisions may vary based on arbitrary or incomplete data transformations.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The quickstart content materially conflicts with the declared skill metadata: it documents a yield-farming agent under a different path/name than the manifest-declared BNB-chain trading agent. This kind of identity/documentation mismatch can cause operators to run the wrong code, misjudge the skill’s capabilities, or trust controls and assumptions that do not apply to the actual artifact, which is especially risky for financial automation.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The quick test instructions point to a different skill directory (`yield-farming-agent`) than the declared skill (`clawtrade-bnb`), which is a supply-chain/integration integrity problem. An operator following these instructions could validate or run the wrong codebase, causing deployment of unreviewed logic and masking malicious or broken behavior in the actual skill.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The documentation describes vault-reading and yield-farming behavior, while the skill metadata claims an autonomous BNB Chain trading agent with multi-strategy execution. This mismatch can mislead reviewers and operators about what the agent really does, reducing scrutiny and increasing the chance that unsafe trading or contract interaction logic is executed under false assumptions.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The README materially misrepresents the skill’s capabilities by describing a deterministic yield-farming allocator while the manifest advertises an autonomous DeFi trading agent with multi-strategy, network switching, and reinforced learning. In a financial automation context, this kind of documentation/manifest mismatch can cause unsafe deployment assumptions, incorrect risk review, and operator misuse of a component that may be trusted for capabilities or constraints it does not actually have.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The README’s claim of a deterministic decision engine directly contradicts the manifest’s claim of reinforced learning, which is a meaningful security and operational difference for an autonomous finance skill. Reviewers, integrators, and users rely on this distinction to assess predictability, reproducibility, and auditability; inconsistent claims can lead to inappropriate trust, monitoring gaps, and unsafe production use.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The replication guide materially misdescribes the skill by presenting it as an exact replica of a yield farming agent while the metadata describes a broader autonomous DeFi trading system. This kind of scope mismatch can cause operators to underestimate capabilities, permissions, and risk boundaries, especially in a financial automation context where trading, network switching, and learning behavior change the threat model.

Intent-Code Divergence

Medium
Confidence
84% confidence
Finding
The documentation calls local JSON/JSONL artifacts 'On-Chain' logging even though the listed files are ordinary local logs. This can mislead users and auditors into believing actions are immutably recorded on-chain when they may only exist locally and be modifiable or incomplete, weakening forensic trust and operational oversight.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The completion report describes a different skill ('Yield Farming Agent') than the declared skill metadata ('clawtrade-bnb' for BNB Chain multi-strategy trading). This kind of identity and scope mismatch is a real security concern because users, reviewers, or automated tooling may approve or deploy the package under false assumptions about what it does, reducing trust and weakening review quality.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The report claims a deterministic yield-farming decision engine while the manifest describes a reinforced-learning trading agent. Contradictory statements about decision logic materially affect risk assessment, because deterministic policy behavior, learning behavior, and market-trading behavior have very different safety, auditability, and failure characteristics.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The documented operations are restricted to vault actions like deposit, withdraw, harvest, and compound, which does not match the broader trading capabilities promised by the manifest. This discrepancy can mislead operators into granting permissions, capital, or trust to an agent whose real behavior and constraints are not what they expect.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The handler constructs a supposedly sanitized log object, but the trailing spread operator (`...parsed`) re-adds every original field from the log entry into the API response. This defeats the stated safety filtering and can expose unintended sensitive or dangerous fields from `execution-log.jsonl`, including internal metadata, secrets accidentally logged, or attacker-controlled content that downstream consumers may trust.

VirusTotal

63/63 vendors flagged this skill as clean.
