Web3 Investor

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed remote DeFi research skill, but users should avoid sending private financial details or secrets to the Antalpha MCP server.

Install only if you are comfortable sending DeFi research prompts, risk preferences, and session-linked intent to Antalpha's remote server. Do not include seed phrases, private keys, exchange credentials, wallet secrets, or unnecessary personal financial details, and independently verify any investment recommendation before acting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence: 91%
Finding
The README explicitly states that discovery, analysis, and comparison are powered by a remote MCP server, but it does not clearly warn users that their natural-language investment queries and related inputs will be transmitted off-device. In a finance-oriented skill, users may disclose sensitive portfolio goals, risk tolerance, or proprietary strategy information, so the lack of a prominent privacy/data-sharing notice creates a real privacy and compliance risk.

Missing User Warnings

Medium
Confidence: 95%
Finding
The README says the skill is session-aware and remembers user preferences across calls, and later describes stored intent retrieval, but it does not explain that these investment preferences are retained remotely or what the retention boundaries are. Because this concerns financial intent data such as risk profile, capital nature, and liquidity needs, silent server-side storage increases privacy sensitivity and can surprise users or violate organizational data-handling expectations.

Missing User Warnings

Medium
Confidence: 93%
Finding
The feedback command accepts arbitrary free-text reasons that are sent to the remote service, but the README gives no warning against including secrets, wallet details, account information, or other sensitive data. Free-text fields are a common path for accidental oversharing, and in this DeFi/investment context users may paste transaction details, holdings, or internal rationale that should not be broadly retained or processed.

Vague Triggers

Medium
Confidence: 80%
Finding
The example invocation uses very broad natural-language requests, which can cause the skill to activate on vague finance-related user text without clear boundaries. In a skill that sends queries server-side and produces investment recommendations, over-broad triggering increases the chance of unintended data disclosure, unnecessary external calls, and advice generation outside the user's intended scope.

Vague Triggers

Medium
Confidence: 84%
Finding
The multi-round example begins from the vague phrase 'Find me good yields' and accumulates session context across turns without documented trigger constraints or session-safety limits. This makes it easier for the skill to latch onto generic conversation, persist sensitive investment preferences, and continue external processing based on partial or inferred intent.

VirusTotal

67/67 vendors flagged this skill as clean.
