ClawHub

mt5-trading-assistant

Security checks across malware telemetry and agentic risk

Overview

This MT5 trading skill is purpose-aligned but needs Review because it includes brokerage credentials and scripts that can immediately place or close trades without strong safeguards.

Review carefully before installing. Do not use this with a funded or live account until all embedded credentials are removed and rotated, secrets are moved to a secure runtime source, output is minimized or redacted, and every trade or close-position action has an explicit preview and confirmation step.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (22)

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The documentation explicitly instructs users to place MT5 account credentials, including plaintext passwords, directly into script files. This is dangerous because source files are commonly copied, backed up, logged, or committed to version control, which can expose live trading credentials and enable unauthorized account access and trading.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The docstring explicitly downplays embedded credentials as being only for demonstration, but the script actually uses those credentials to log in and place a real market order. This mismatch can mislead operators into treating the file as harmless sample code, increasing the chance of credential exposure and unintended live trading.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The script documentation and CLI examples state that a positive price can be used for a 'Limit buy', but the code always submits a market deal via TRADE_ACTION_DEAL and ORDER_TYPE_BUY. In a trading automation context, this mismatch can cause users to execute immediately at market instead of placing a pending order, creating unintended financial exposure and potentially significant losses.

Intent-Code Divergence

Medium
Confidence
87% confidence
Finding
The function is presented as a simple 'quick account-status check', but it performs an authenticated login with embedded credentials and modifies terminal state by selecting a symbol. This mismatch is security-relevant because users or downstream agents may trust it as read-only/low-risk while it actually accesses a live account context and changes session state.

Intent-Code Divergence

Medium
Confidence
74% confidence
Finding
The script claims automated trading is enabled and 'test passed' without verifying that condition through the MT5 API or platform settings. Misreporting security- or trading-relevant state can mislead operators into making unsafe assumptions about the environment and may hide misconfiguration or unexpected behavior.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger keywords are broad and include common trading-related phrases, which increases the chance the skill is invoked in contexts where the user did not intend to place or manage live trades. In a trading automation skill, unintended invocation is more dangerous because the exposed actions include order execution and position closing.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The installation steps tell users to enable MT5 auto-trading and later provide direct buy/sell execution commands, but they do not place prominent risk warnings or safety gates adjacent to those operational steps. In the context of a live trading skill, this increases the likelihood of users enabling automated execution without understanding financial or operational risk.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger list is unusually broad and includes generic phrases such as trading automation, execute trade, buy/sell orders, and account monitoring, which can cause the skill to be invoked in contexts broader than a narrowly scoped MT5 task. Because this skill supports real account actions and trade execution, overbroad invocation increases the chance of accidental routing into a financially sensitive skill and unintended high-risk actions.

Missing User Warnings

High
Confidence
95% confidence
Finding
The documentation gives direct commands for buying, selling, and closing positions, including closing all positions, but does not place an immediate, explicit warning at the point of use that these actions can execute live trades and cause irreversible financial loss. In a trading automation context, omission of strong transactional warnings and confirmation requirements materially increases the risk of accidental destructive actions on real brokerage accounts.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The guide tells users to enable MT5 auto-trading and later suggests running a buy-order test, but it does not place a prominent warning that these steps may execute real trades on a live account and cause financial loss. In this trading context, omission of an explicit risk disclaimer and safe-test guidance materially increases the chance of accidental real-money activity.

Missing User Warnings

High
Confidence
99% confidence
Finding
The file contains hardcoded MT5 login credentials and uses them directly for authentication, exposing a live trading account to anyone who can read the source, logs, backups, or repository history. In this context, compromise can lead directly to unauthorized account access, fund loss, and abusive trading activity.

Missing User Warnings

High
Confidence
95% confidence
Finding
The script submits a live buy order immediately once arguments are parsed, without any interactive confirmation, dry-run mode, or explicit safeguard distinguishing test from production execution. In a trading context, accidental invocation, bad parameters, or automation misuse can cause real financial loss within seconds.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The script includes a config block that encourages users to place MT5 login, password, and server details directly in source code. In practice, this often leads to real credentials being committed to repositories, copied into shared files, or exposed through logs and backups, which can enable unauthorized account access and trading activity.

Missing User Warnings

High
Confidence
99% confidence
Finding
The script contains hardcoded MT5 credentials, including an account identifier, password, and server, which is a direct secret exposure. Anyone with access to the code can reuse these credentials to access the trading account, view sensitive financial data, or potentially place or manage trades depending on account permissions.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The script retrieves and prints account balances, equity, leverage, open positions, and profit/loss information without prior warning or consent flow. In an agent skill context, this increases the risk of unintended disclosure to logs, consoles, shared terminals, screenshots, or higher-level orchestration systems that capture output.

Missing User Warnings

High
Confidence
99% confidence
Finding
The script contains hardcoded MT5 account credentials, which exposes sensitive secrets to anyone with access to the code, logs, repository, backups, or deployment artifacts. Because these credentials are immediately used to authenticate to a trading platform, compromise could allow unauthorized account access and destructive trading actions such as closing positions or otherwise manipulating the account.

Missing User Warnings

High
Confidence
96% confidence
Finding
This function can close all positions for a symbol with no confirmation, dry-run mode, or explicit user acknowledgement, making it easy to trigger irreversible financial actions accidentally or through misuse. In the context of an agent skill or automation, such destructive trading behavior is especially dangerous because a mistaken invocation can immediately liquidate active positions and realize losses.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The specific-ticket close operation sends a real closing order immediately after locating the position, without any confirmation or secondary validation. Although narrower than the bulk-close function, it still enables irreversible account changes and could be abused or mis-invoked to close the wrong trade if the ticket is provided incorrectly or maliciously.

Missing User Warnings

High
Confidence
98% confidence
Finding
The script submits a live MT5 sell order immediately after parsing CLI arguments, with no interactive confirmation, dry-run mode, environment gating, or other safeguard before executing a destructive financial action. In this context, the risk is amplified because the file also contains hardcoded live trading credentials and targets a real trading platform, so accidental invocation or misuse can directly place unauthorized market orders and cause financial loss.

Missing User Warnings

High
Confidence
99% confidence
Finding
The script contains hardcoded trading account credentials and uses them directly to authenticate to a live external service. Anyone with access to the file can extract and reuse the password, potentially gaining unauthorized access to the trading account and any associated financial data or actions permitted by that account.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The script retrieves and prints sensitive financial account details, including balance, equity, margin, positions, ticket numbers, and profit/loss, directly to standard output. In agent or shared execution environments, console output may be logged, exposed to other users, or retained in history, causing unintended disclosure of private financial information.

Missing User Warnings

High
Confidence
99% confidence
Finding
The script hardcodes live MT5 login credentials directly in source code, exposing a trading account username, password, and server. Anyone with access to the file, repository, logs, screenshots, or copied snippets can reuse these secrets to access the account, view data, or potentially place trades depending on account permissions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal