xtquant

Security checks across malware telemetry and agentic risk

Overview

This is a coherent XtQuant trading SDK skill, but it gives an agent ready-to-run live trading and bank-transfer patterns without enough safety boundaries.

Install only if you intentionally want agent assistance with QMT/XtQuant workflows. Keep usage read-only by default, require explicit confirmation before any order, cancellation, transfer, or bank query, do not provide bank or fund passwords in prompts or source files, and test against a simulated or non-live environment before connecting a funded brokerage account.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation provides copy-pastable examples that submit and cancel live stock orders against a real trading account without any warning that these are not sandbox operations. In a trading SDK context, users may reasonably run quick-reference snippets directly, which can trigger unintended market transactions, financial loss, or account activity if connected to a live QMT environment.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README includes a concrete order placement example against a real trading API without any warning that it can execute live trades and affect an actual brokerage account. In an agent-skill context, users or downstream agents may copy, adapt, or run the example as-is, creating a meaningful risk of unintended financial transactions and account state changes.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill includes concrete live-trading code that connects to a real broker-linked QMT client, places orders, queries assets, and cancels orders without any prominent warning to use a paper/simulated environment first or to require explicit user confirmation before execution. In an agent context, this materially increases the chance of unintended real financial transactions, especially because the examples are immediately runnable with only account/path substitution.

Missing User Warnings

High
Confidence
98% confidence
Finding
This example wires real-time market-data callbacks directly to autonomous buy/sell order placement, creating an event-driven auto-trading loop with no human approval step, simulation requirement, or risk controls. In an agent setting, such code can cause immediate unintended trades from transient price movements, logic bugs, repeated triggers, or misconfiguration of a live account.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This trading skill documents bank-transfer APIs that require bank and fund passwords but provides no warning about secret handling, storage, redaction, or logging. In a financial trading context, this is dangerous because users may embed credentials directly in code, config files, notebooks, or logs, leading to credential theft and unauthorized fund movement.

Ssd 3

Medium
Confidence
93% confidence
Finding
The example includes a literal bank password in code and prints the transfer result in a banking workflow. Even if the sample password is illustrative, this normalizes unsafe credential handling and can lead users to copy the pattern into production, where secrets may be exposed in source repositories, screenshots, or terminal history.

Ssd 3

Medium
Confidence
90% confidence
Finding
The example iterates through bank info results and prints all attributes, which can expose bank account numbers and related financial identifiers to logs or consoles. In a brokerage/banking integration, even read-only account metadata is sensitive and can aid fraud, social engineering, or account correlation.

Ssd 3

High
Confidence
98% confidence
Finding
This example shows a literal bank password passed directly to the balance-query API and then prints all returned fields, including sensitive financial data. In the context of securities and bank account integration, this creates a strong copy-paste hazard that can expose credentials and balances through code, logs, notebooks, shared terminals, and support bundles.

Ssd 3

Medium
Confidence
92% confidence
Finding
Printing all bank transfer stream fields exposes sensitive transaction history, account identifiers, dates, and amounts. In a financial SDK, transaction history is highly sensitive and can reveal behavioral patterns, balances, counterpart timing, and other information valuable to attackers or unauthorized insiders.

Ssd 3

Low
Confidence
84% confidence
Finding
The shareholder account query example prints all returned attributes, including account identifiers that may be sensitive in brokerage environments. The impact is lower than password or bank-balance exposure, but it still encourages unnecessary disclosure of identifiers that should be masked in logs.

VirusTotal

65/65 vendors flagged this skill as clean.
