Trading Decision Pro

Security checks across malware telemetry and agentic risk

Overview

This skill does not look like malware, but it presents trading recommendations and backtests as real analysis while the implementation generates key results from random simulated values.

Review carefully before installing. Treat this as a simulator or demo, not a trading advisor. Do not rely on its recommendations or backtests for real trades, and do not provide exchange or market-data API keys unless the publisher documents real data sources, key scopes, and clear simulated-output labeling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
74% confidence
Finding
The skill advertises code usage with an `apiKey` and runtime behavior that implies access to environment-derived secrets, yet the manifest does not declare corresponding permissions. Undeclared secret or environment access reduces transparency and can cause the host or user to grant trust to a skill whose effective capabilities are broader than documented.

Tp4

High
Category
MCP Tool Poisoning
Confidence
82% confidence
Finding
The declared description says the skill is a trading decision assistant, but the documented behavior includes additional analytical and backtesting capabilities that materially expand what it does. Capability mismatch is risky because users and security tooling rely on the high-level description to assess trust, data exposure, and operational scope; understated scope can mask higher-risk functionality.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The skill advertises market sentiment analysis and trade recommendations, but the core outputs are derived from simulated/random values rather than real market data. In a trading context, this is dangerous because users may rely on fabricated analytics to make financial decisions, leading to direct monetary loss while believing the outputs are data-driven and real-time.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The code claims to perform volume confirmation but instead increments the confluence score using a fresh random value. This misrepresents the basis for a trading signal and can falsely increase user confidence in BUY/SELL outputs, especially because 'volume confirmation' is a meaningful trading concept users may trust.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The backtest feature presents randomized numbers as if they were historical strategy results, including win rate, Sharpe ratio, drawdown, and monthly breakdowns. In a financial product, fabricated backtests are highly dangerous because they can mislead users into believing a strategy is empirically validated, potentially causing substantial financial harm.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill provides recommendations and signals without clear user-facing disclosure that important analytics are simulated/randomized. In the trading domain, omission of this warning materially increases risk because users may reasonably interpret outputs as legitimate market analysis and act on them with real capital.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The package description advertises broad 'AI-powered' trading assistance, market sentiment analysis, risk assessment, and real-time trade recommendations without defining narrow triggers, boundaries, or user-consent conditions. In an agent skill ecosystem, ambiguous capability descriptions can cause over-broad activation or misuse in sensitive financial contexts, increasing the chance the skill is invoked for high-risk decision support beyond what users expect.

VirusTotal

66/66 vendors flagged this skill as clean.
