ClawHub

crypto-monitor

Security checks across malware telemetry and agentic risk

Overview

This crypto monitoring skill is mostly read-only and purpose-aligned, but users should notice that it can make external API calls and tries to install jq automatically if missing.

Install only if you are comfortable with the skill making public crypto API requests. Review or remove the automatic jq installation line if you do not want skills to change system packages, and do not provide wallet seed phrases, private keys, or exchange credentials to this skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The script silently attempts to install jq with apt-get when it is missing, which modifies the host system and may require elevated privileges. For a read-only price monitoring utility, unexpected package installation is an unnecessary side effect that can violate least privilege, trigger unwanted package manager activity, and create risk in automation or agent-executed contexts.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger list is very broad, covering common crypto terms in both English and Chinese such as 'crypto', 'BTC', 'ETH', '价格', and 'token price'. Broad triggers can cause the skill to activate during ordinary conversation, unexpectedly invoking shell/network-backed functionality and exposing users to unrequested external lookups or follow-on actions.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger conditions are described in high-level, ambiguous terms like 'market trends', 'DeFi protocol information', and 'token discovery and research' without clear scope limits. In the context of a skill that uses shell scripts and internet access, this ambiguity increases the risk of over-activation and unintended execution paths when users discuss adjacent topics.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script attempts to install jq without warning or confirmation, creating an unexpected system-changing action during normal execution. In agent or automation environments, silent package installation can be abused to trigger privileged operations, break reproducibility, or cause unauthorized software changes on the host.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal