ClawHub

Crypto Funding Alert

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Binance funding-rate scanner that reads public market data and saves local history, with no credential use or trade execution.

Install only if you are comfortable with the skill contacting Binance public endpoints, saving local scan history, and producing risky crypto futures suggestions. Treat its recommendations as research rather than guaranteed risk controls, and only enable cron jobs or webhooks if you want recurring scans or external alerts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Low
Confidence
90% confidence
Finding
The skill persists scan history to a local JSONL file under a default workspace path, but this behavior is not clearly disclosed in the manifest/help text. While the data logged is not highly sensitive by itself, undisclosed persistence can surprise users, leak trading interests to other local users/processes, and violate least-surprise/privacy expectations.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The header claims 'Position size ≤ 30% capital' as a safety rule, but the implementation never calculates user capital or constrains recommendation size. This creates a mismatch between documented and actual risk controls, which can mislead users into acting on recommendations they believe are safety-bounded when they are not.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The code advertises 'Trend-aware filtering' as a safety rule, but trend is only one scoring input and the scanner still outputs WATCH/MODERATE opportunities for flat or negative trends. In a trading context, overstating filtering rigor can materially increase user exposure because recommendations appear safer than they are.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script writes historical scan results and config values to disk without disclosing this in the main usage/help path. In shared or managed environments, persistent logs can reveal trading strategies, watchlists, and operational habits to other users or tooling, making this more than a mere documentation issue.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal