miniQMT

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate miniQMT trading skill, but it exposes live trading, bank-transfer, and password-handling examples without enough safety warnings or user-control guidance.

Install only if you understand miniQMT can affect real brokerage and bank-linked accounts. Use paper or test accounts first, do not copy examples into a live session, never hardcode bank or fund passwords, restrict export paths, and require explicit human approval for every live order, automated strategy, transfer, or account-data export.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The documented capability set materially exceeds the stated skill scope by including bank-transfer and inter-account fund movement operations. In an agent setting, this expands the blast radius from market data/trading into direct cash movement, which can cause immediate financial loss if exposed without strong user consent and guardrails.

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The skill description suggests market data and trading only, but the API also supports importing external transactions and exporting account data to CSV. This hidden capability expansion can enable sensitive financial data exfiltration or unauthorized record manipulation in environments that trust the narrower description.

Missing User Warnings

High
Confidence: 96%
Finding
The document shows executable trading code that places a live stock buy order against a real account object, but it does not warn that this can submit an actual market transaction with financial consequences. In a quick-reference context, readers may copy and run the snippet directly, increasing the risk of unintended trades, monetary loss, and misuse in automation pipelines.

Missing User Warnings

Medium
Confidence: 94%
Finding
The README explicitly advertises real-money trading capability but does not warn users that actions may affect a live brokerage account. In the context of an agent skill, omission of a clear safety warning increases the chance that a user or downstream agent invokes trading functions without understanding the financial consequences.

Missing User Warnings

High
Confidence: 98%
Finding
The trading example shows `order_stock()` for a live account without any warning that it may submit a real buy order. In an agent-integrated environment, users may copy or automate this snippet directly, leading to unintended market orders, financial loss, or unauthorized trades if valid credentials are present.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill provides concrete code for connecting to a live brokerage account and placing real orders, but it lacks strong warnings, simulation-only defaults, or explicit user-confirmation requirements before trade execution. In an agent context, this increases the risk of accidental or unauthorized live trading, which can directly cause financial loss even without a classic software exploit.

Missing User Warnings

Medium
Confidence: 90%
Finding
The document exposes sensitive financial and credential-handling APIs, including fund transfers and password-bearing calls, without strong user-facing risk warnings. In an agent or automation context, lack of warnings and operational constraints increases the chance of accidental irreversible transactions, unsafe credential handling, and misuse of privileged actions.

Missing User Warnings

High
Confidence: 98%
Finding
The examples include real-looking account identifiers and plaintext passwords without any warning not to use production credentials in sample code. This normalizes insecure secret handling, risks accidental credential reuse, and can lead to immediate compromise or fraudulent transfers if copied into real environments.

Ssd 3

High
Confidence: 99%
Finding
The documentation contains hardcoded real-looking financial identifiers and plaintext passwords in examples for banking and trading operations. In this skill context, that is especially dangerous because the surrounding APIs can directly move funds and query sensitive accounts, so copied examples can cause credential exposure, unauthorized access, or financial loss.

VirusTotal

64/64 vendors flagged this skill as clean.
