Crypto Investment Strategist

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its crypto analysis purpose, but it turns off important connection security checks for live market data that could influence investment advice.

Review before installing if you might act on the output for real trades. Prefer the virtualenv setup, avoid logging sensitive investment notes, independently verify prices and market data, and treat the live-data fetcher as unsafe until TLS verification is restored.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Intent-Code Divergence

Severity: High
Confidence: 99%
Finding
The HTTP helper explicitly disables TLS certificate validation and hostname verification before making HTTPS requests. This allows a machine-in-the-middle attacker on the network path to spoof Binance or CoinGecko responses, inject false market data, or tamper with API error handling. In an investment-analysis skill, poisoned price, OHLCV, funding, or order-book data can directly drive bad trading recommendations, making the context materially more dangerous than a generic data fetcher.

Description-Behavior Mismatch

Severity: Medium
Confidence: 84%
Finding
The CLI accepts an arbitrary --output path and writes fetched data to that location with no path restrictions or safety checks. In isolation this is a normal command-line feature, but in an agent skill context it can be abused to overwrite user-accessible files, drop content in sensitive locations, or participate in multi-step attacks if an attacker can influence arguments or tool invocation. The investment-analysis context does not require arbitrary filesystem writes, so this capability is broader than necessary.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The README markets ranking, allocation, and execution planning for crypto investments without clearly warning that users can lose money, that outputs are not financial advice, and that volatile assets can produce rapid losses. In a high-risk domain like cryptocurrency, omission of these disclaimers can cause users to over-trust the tool and act on recommendations as if they were safe or authoritative.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding
The description is broad enough to trigger on many ordinary conversations about buying, selling, holding, or allocating capital, which can cause the skill to activate when the user did not intend to invoke a tool-driven investment workflow. In this skill, that matters because activation may lead to downstream shell execution, live data fetching, or logging behaviors that carry privacy and safety implications.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill instructs automatic live market-data fetching when the user provides only a symbol, but it does not warn that this may transmit the requested asset and related query details to external services. That omission undermines informed consent and can expose user interest, behavior, or workflow metadata through network requests the user did not explicitly approve.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The snapshot logging workflow writes analysis details such as symbol, action, price, and thesis to persistent local storage without any user-facing disclosure. Persisting investment analysis can create sensitive records about user interests or decisions, and those records may later be accessed, retained longer than expected, or reused outside the original conversation context.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding
The phrase describing a 'one-command investment workflow' is broad enough to activate the skill for loosely related requests without clear boundaries. In a crypto-investment skill, overbroad activation can cause the agent to initiate ranking, allocation, and execution-style planning when the user did not explicitly request a full workflow, increasing the chance of inappropriate financial guidance or unintended tool orchestration.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The 'When to use' section uses permissive criteria like 'quick decision workflow' and 'ranked list plus allocation and next action' without constraints, which can match many ordinary crypto questions. Because this skill produces concrete capital allocation and staged action outputs, broad triggering raises the risk of overstepping user intent, generating actionable investment instructions from incomplete inputs, or chaining optional logging without sufficiently explicit consent.

VirusTotal

64/64 vendors flagged this skill as clean.
