ClawHub

Funding Rate Trader

Security checks across malware telemetry and agentic risk

Overview

This skill matches its Binance futures trading purpose, but running the trader can place live leveraged trades with stored API keys without a dry run or confirmation.

Install only if you intend to let an agent interact with a Binance futures account. Use a dedicated API key with withdrawals disabled, minimal permissions, IP restrictions, strict local file permissions, and small exchange-side risk limits. Do not run trader.js automatically until you have reviewed the leverage, order size, symbol selection, and added a dry-run or explicit confirmation gate.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
This script reads Binance API credentials from a local secrets file and immediately uses them to query live futures positions, exposing sensitive account data access beyond a simple market-scanning function. In the context of an agent skill, accessing private account state without clear necessity or explicit user disclosure increases the risk of stealthy credential use and privacy-sensitive data collection.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The script reads Binance API credentials from a local secrets file before performing a scan, even though the skill description states that scanning does not require an API key. Unnecessary secret access expands the blast radius of the skill: any compromise, logging, misuse, or future code change now operates with trading credentials when read-only market data would have sufficed.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script accesses a sensitive local credential file with no user-facing warning, confirmation, or runtime disclosure. Even if intended for legitimate trading support, silent secret consumption is dangerous in agent environments because users may not realize the skill is touching exchange credentials and enabling authenticated account access.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script performs an authenticated network call to Binance to fetch live account positions without visible disclosure to the user. In this skill context, that is more dangerous because the advertised functionality emphasizes scanning/arbitrage, so hidden private API access can exceed user expectations and leak or misuse account information if the skill is run automatically.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code silently accesses sensitive Binance credentials from the user's home directory with no warning, consent prompt, or indication that authenticated material is being used. In this skill context, that is more dangerous because the advertised behavior says scanning needs no API key, so users may reasonably run it expecting no secret access at all.

Missing User Warnings

High
Confidence
98% confidence
Finding
The script places live leveraged Binance futures orders immediately after detecting a candidate, without any user confirmation, dry-run mode, environment safeguard, or prominent warning that real funds will be used. In the context of an auto-trading skill with 20x leverage and direct access to locally stored API keys, this can rapidly cause substantial unintended financial loss if the script is run accidentally, misconfigured, or manipulated by bad market data/logic errors.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal