ClawHub

Crypto Daily Dashboard

Security checks across malware telemetry and agentic risk

Overview

This dashboard is mostly aligned with its crypto-account purpose, but it needs Review because an optional setting can run a shell command from an environment variable.

Install only if you are comfortable with a networked finance dashboard. Use Binance keys with read-only permissions, no withdrawal or trading rights, and IP restrictions where possible. Do not set ECONOMIC_TRACKER_PATH unless you fully trust the exact local script and path; the publisher should replace the shell-string execSync call with a validated execFile or spawn call and correct the third-party data disclosure.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documentation indicates use of environment variables for sensitive Binance API credentials, but the skill metadata declares no corresponding permissions. This creates a transparency and consent gap: an agent or user may run the skill without realizing it accesses local secrets, which is especially risky for financial API keys. In the context of a crypto dashboard, undocumented env access is more dangerous because the expected secrets are high-value account credentials.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The security section claims 'No data sent to third parties' while the same file documents calls to CoinGecko, Binance, and Alternative.me APIs. Misrepresenting outbound network behavior can mislead users into exposing portfolio-related or metadata-bearing requests to external services they did not intend to contact. In a finance-focused skill, this is more sensitive because even read-only usage can reveal trading interest, IP metadata, timing patterns, and potentially account-linked information.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The dashboard executes a local Python script using execSync with a shell command constructed from an environment-controlled path. Because the path is interpolated directly into a shell string without validation or escaping, an attacker who can influence ECONOMIC_TRACKER_PATH can achieve command injection and arbitrary code execution.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The shell command uses a user-provided path in execSync without escaping or confirmation, making the environment variable a command injection sink. In a skill context, environment variables are commonly user- or deployment-controlled, so this can lead to arbitrary local command execution under the current user account.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal