Defi Trading Engine

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate DeFi trading helper, but it can place live crypto trades through Bankr with under-disclosed wallet credentials and weak live-trade controls.

Install only if you are comfortable giving an agent-assisted workflow access to a crypto trading wallet. Use a separate low-balance wallet, verify the Bankr CLI source, run explicit --dry-run tests first, require human approval for every live trade, protect ~/.bankr/config.json, and avoid enabling cron jobs or config changes unless you understand how to stop or reverse them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 95%
Finding: The skill clearly instructs the user to copy and run Python scripts that read and write local files, invoke shell commands, and access networked trading infrastructure, yet it declares no permissions. This mismatch prevents informed consent and weakens any runtime policy model, which is especially dangerous because the documented workflow can execute real trades and persist data on disk.

Intent-Code Divergence

Medium
Confidence: 97%
Finding: The module docstring states that risk checks always run, but the code exposes --skip-risk-check and also bypasses checks during dry-run. In a DeFi trading skill, this mismatch is dangerous because operators or downstream agents may trust the safety guarantee and execute real trades without mandatory controls, leading to unauthorized or outsized trades.

Vague Triggers

Medium
Confidence: 86%
Finding: The description contains broad trigger phrases such as "general crypto trading", "trading bot", "Bankr integration", and "strategy execution", which can cause the skill to be invoked for loosely related requests. In this context, overbroad routing is risky because the skill's instructions include shell execution and potential live on-chain trading, so accidental activation could expose users to financial loss.

Missing User Warnings

Medium
Confidence: 97%
Finding: The quick-start and trade execution sections show concrete commands for placing buys and sells, but they do not prominently warn that these commands may submit irreversible live on-chain transactions with real funds. Because the skill is framed as an autonomous trading engine, the absence of a strong live-funds warning materially increases the chance of accidental real-money trades.

Missing User Warnings

Medium
Confidence: 85%
Finding: The guide states that Bankr configuration is saved to ~/.bankr/config.json after login, but it does not warn that this file may contain sensitive API credentials requiring filesystem protection. In a trading-bot context, locally stored exchange or wallet-related credentials can be stolen from a compromised host, exposed via backups, or accidentally committed/shared, enabling unauthorized trading activity or account abuse.

Missing User Warnings

Medium
Confidence: 95%
Finding: This file provides concrete DeFi trading strategies, position sizing, exit rules, and portfolio allocations without any explicit warning that users can lose real money or face volatility, slippage, smart-contract risk, or total loss. In the context of an autonomous DeFi trading engine, the omission is more dangerous because users may treat the guidance as safe or validated operational advice and deploy it directly with real funds.

VirusTotal

66/66 vendors flagged this skill as clean.
