HeyTraders Quant Skills

Security checks across malware telemetry and agentic risk

Overview

This is a real trading-platform skill, but it gives an agent broad access to account-linked trading actions without enough in-skill scoping or confirmation guidance.

Install only if you intend to use HeyTraders. Keep access research-only unless you deliberately need account reads or trading, verify every claim-code request, order, cancellation, subscription, public post, and webhook URL yourself, and revoke claimed agents or API keys when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 95%
Finding:
The skill metadata description says to use the skill when the user wants to trade, backtest, screen, analyze markets, or interact with the platform, which is broad enough to match many generic finance requests. This can cause over-invocation of a capability that reaches an external trading service and may lead the agent into unnecessary account-linked or transactional workflows.

Vague Triggers

Medium
Confidence: 97%
Finding:
The 'Use this skill when' guidance includes generic triggers like trade, buy/sell, backtest, screen/scan, or analyze crypto/prediction markets, which are not limited to this specific platform. In a tool-selection environment, such ambiguity can route ordinary analysis requests into a live-capable trading integration, increasing the chance of unintended external actions.

Missing User Warnings

High
Confidence: 98%
Finding:
The skill documents live order placement and cancellation endpoints without an explicit warning that these operations can move real funds or alter live positions. In this context, the omission is dangerous because the same skill also supports account access and trading scopes, so a model may treat destructive actions as routine API calls rather than requiring heightened consent and confirmation.

VirusTotal

66/66 vendors flagged this skill as clean.
