anchored-vwap-scalper

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed crypto trading bot, but it can place real BTC market, stop, and limit orders with only an environment-variable dry-run switch as the safety gate.

Install only if you intentionally want an automated crypto trading agent. Keep DRY_RUN=true until you have reviewed the strategy, use a dedicated Lighter account with minimal funds and restricted permissions, and do not enable live trading unless you accept the risk of automatic financial loss.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill advertises production trading behavior and requires sensitive trading credentials via environment variables, while static analysis detected capabilities such as env access and file writing without corresponding declared permissions. In an automated agent ecosystem, this undermines trust boundaries and can enable secret exposure, unsafe local state writes, or unauthorized trade-related actions without transparent permission prompts.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This code can place real market, stop, and take-profit orders and persist trading state without any explicit interactive confirmation or strong safety gate beyond an environment-controlled dry-run flag. In the context of an autonomous trading skill, that is dangerous because misconfiguration, unintended invocation, or orchestration by another component could trigger live leveraged trades and financial loss without the operator realizing live execution is enabled.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.