ClawHub

IBKR + OpenClaw

Security checks across malware telemetry and agentic risk

Overview

This skill is not overtly malicious, but it asks users to set up persistent live brokerage access with plaintext credentials while presenting the workflow as broadly read-only safe.

Review carefully before installing. Prefer a paper IBKR account, avoid live mode unless necessary, do not store your main brokerage password in a shared or backed-up workspace, restrict .env permissions, keep VNC disabled unless needed, and install Docker and the IB Gateway container only from reviewed or pinned sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The skill’s description materially understates risky behavior and overstates implemented capabilities. It instructs users to clone and run a third-party IB Gateway Docker setup and store brokerage credentials in plaintext, while advertising the workflow as 'read-only safe'; this can mislead users into exposing real financial credentials and enabling a live broker connection under a false sense of safety.

Session Persistence

Medium
Category
Rogue Agent
Content
### Step 3: Configure Environment

Create a `.env` file in the `ib-gateway-docker` directory:

```env
# IBKR Account
Confidence
98% confidence
Finding
Create a `.env` file in the `ib-gateway-docker` directory: ```env # IBKR Account TWS_USERID=your_username TWS_PASSWORD=your_password # Trading mode: live or paper TRADING_MODE=live # Read-only API

External Script Fetching

Low
Category
Supply Chain
Content
### Step 1: Install Docker

```bash
curl -fsSL https://get.docker.com | sh
docker --version
docker compose version
```
Confidence
92% confidence
Finding
curl -fsSL https://get.docker.com | sh

Chaining Abuse

High
Category
Tool Misuse
Content
### Step 1: Install Docker

```bash
curl -fsSL https://get.docker.com | sh
docker --version
docker compose version
```
Confidence
95% confidence
Finding
| sh

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal