ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

QStrader - AI Trading Assistant

v1.0.0

AI Trading Assistant for quantumstocks.ru. Automated hedge fund with market analysis, risk management, and trade execution via n8n MCP. Use when analyzing ma...

0· 49·0 current·0 all-time
by@antonby77
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to be a trading assistant using n8n MCP, which matches the code (mcporter calls, risk checks, logging). However the registry metadata declares no required environment variables or binaries even though SKILL.md and scripts expect .env entries (N8N_MCP_URL, QDRANT_URL, QDRANT_API_KEY, LIGHTRAG_USERNAME/PASSWORD, OPENROUTER_API_KEY) and require 'mcporter' and Python. This mismatch between declared requirements and actual needs is an incoherence.
!
Instruction Scope
SKILL.md and scripts instruct the agent to call many MCP endpoints including write endpoints (Place_Order, Close_an_open_deal). The documentation insists on human confirmation for writes, but nothing in the code enforces interactive confirmation — the agent or an automated workflow could call Place_Order if prompted. Scripts also read local mcporter config files (~/.openclaw/workspace/config/mcporter.json and similar) and reference instrument.json paths, which gives access to existing configured broker connections and their credentials if present.
Install Mechanism
There is no formal install spec (instruction-only), which lowers install-time risk. setup.sh is provided and suggests installing mcporter via npm; the skill will instruct users to run that script. No remote downloads or obfuscated installers are present in the package, but running setup.sh or the suggested npm install will modify the host environment and may register MCP endpoints.
!
Credentials
The package expects multiple secrets and endpoints (.env.example lists N8N_MCP_URL, QDRANT_URL/KEY, LightRAG creds, OPENROUTER_API_KEY) yet the skill metadata declares none. Requesting broker/control endpoints and database/LLM keys is reasonable for this purpose, but those are sensitive credentials and their absence from the declared requirements is misleading and reduces the ability to evaluate privilege scope before install.
Persistence & Privilege
always:false and normal model invocation behavior — no forced permanent inclusion. setup.sh may add a mcporter config entry (mcporter add my-n8n-mcp) into the user's mcporter configuration which is expected. The combination of autonomous invocation (platform default) plus the skill's ability to call write endpoints is worth attention, but autonomous invocation alone is not a disqualifier.
What to consider before installing
This skill appears to implement what it claims (market analysis, risk checks, and mcporter-based trading), but there are important mismatches and operational risks you should address before installing: 1) Metadata mismatch: The skill DOES expect and instruct you to populate a .env with N8N_MCP_URL, QDRANT and LightRAG credentials, and an OpenRouter key, yet the registry lists no required env vars. Don’t assume the registry has enumerated needed secrets — inspect and populate .env yourself. 2) Broker write ability: The skill can call Place_Order and other write endpoints via mcporter. SKILL.md asks for human confirmation, but the code does not technically enforce an interactive confirmation step. If you allow autonomous agent actions, an agent could place live orders. Limit agent autonomy or require an explicit, auditable manual confirmation step before any write call. 3) mcporter config and scope: The scripts auto-detect and use existing mcporter config files (~/.openclaw/workspace/config/mcporter.json, ~/.mcporter/mcporter.json). Before running, inspect those files to ensure they reference only broker/MCP endpoints you control; otherwise the skill could use pre-existing credentials unintentionally. 4) Run in a safe environment: Test thoroughly in a sandbox or paper-trading account (n8n MCP test/demo) before connecting to live brokers. Verify risk_manager behavior (it returns non-zero on rejection) and that your operational process prevents accidental live orders. 5) Review .env.example and sources: Fill only the minimal credentials required, rotate keys used for testing, and avoid putting high-privilege production keys into the skill until tested. Consider restricting OPENROUTER/QDRANT keys to limited-scope/test projects. 6) Operational checks: If you intend to use this skill, update the registry metadata to list required env vars and required binaries (mcporter, python3). Add or demand a programmatic confirmation step (or disable autonomous invocation) before write endpoints are called. If you want, I can produce a checklist you can run before enabling the skill or suggest a minimal .env and a safe confirmation wrapper to enforce manual approval.

Like a lobster shell, security has layers — review code before you run it.

latestvk971as785cbydk1ew6fs0qdx8h83ps66

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments