Coinw Spot Skill

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real CoinW trading API skill, but it gives an agent high-impact account authority and has weak guidance around handling exchange credentials and signed request data.

Install only if you intentionally want an agent to access and operate on your CoinW account. Use a dedicated least-privilege API key, disable withdrawal or transfer permissions unless strictly needed, enable IP whitelisting where possible, avoid pasting secrets into chat or support requests, redact signed commands and logs, and require explicit confirmation before any order, cancellation, cancel-all, or transfer action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

High
Confidence
98% confidence
Finding
The README explicitly tells users they may provide CoinW API credentials by 'sending them directly to the agent in the chat,' which encourages unsafe secret handling. Chat channels, agent memory, logs, telemetry, and downstream tool integrations may retain or expose those credentials, creating a realistic risk of account compromise and unauthorized trading or asset transfers.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The document tells users to generate an API key and notes that the secret key is only visible for one hour, but it does not explicitly warn that the secret must never be shared, committed to source control, pasted into chats/logs, or stored insecurely. In a trading skill context, exposed API credentials can enable unauthorized account access, trading activity, and, where broader permissions are granted, potentially asset movement or other account abuse.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The support section asks users to provide highly sensitive data including complete request commands, user ID, timestamps, IP address, full API responses, and screenshots/logs, but gives no warning to redact API keys, secrets, auth headers, cookies, or other personal/account data. In an API skill context, users troubleshooting auth and signing issues are especially likely to share credential-bearing material, which can expose accounts, enable replay of signed requests, or leak personal and trading information.

External Transmission

Medium
Category
Data Exfiltration
Content
```
params="api_key=$COINW_API_KEY&amount=0.001&funds=1&isMarket=1&out_trade_no=1&rate=40000&symbol=BTC_USDT"
sign_string="$params&secret_key=$COINW_SECRET_KEY"
sign=$(echo -n "$sign_string" | openssl md5 | cut -d' ' -f2 | tr '[:lower:]' '[:upper:]')
curl -X POST "https://api.coinw.com/api/v1/private?command=doTrade&$params&sign=$sign"
```
## Security
When showing credentials to users:
Confidence
87% confidence
Finding
https://api.coinw.com/

VirusTotal

65/65 vendors flagged this skill as clean.
