Binance Fiat

Security checks across malware telemetry and agentic risk

Overview

This Binance helper is related to its stated purpose, but it gives an agent too much unsupervised access to financial API credentials and stores them in a plaintext local file.

Review carefully before installing. Use a dedicated least-privilege Binance API key, disable withdrawal permission unless absolutely required, add IP restrictions where possible, do not store real keys in TOOLS.md or generic .env files, and require explicit approval for every authenticated request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium, 94% confidence
Finding
The skill goes beyond using supplied credentials for a single Binance Fiat action and instructs the agent to persist newly provided API keys in TOOLS.md. That creates a new secret-storage capability, increasing the blast radius from transient API use to local credential retention, possible later disclosure, and accidental inclusion in logs or version control.

Missing User Warnings

High, 97% confidence
Finding
Allowing the agent to make authenticated HTTP requests automatically with retrieved API credentials removes an important consent boundary for sensitive financial account access. Even if some endpoints are read-only, the skill context includes authenticated fiat operations and account history, so automatic execution can expose private financial data or trigger unintended actions if endpoint selection is mishandled.

Missing User Warnings

High, 96% confidence
Finding
The skill instructs the agent to store newly provided credentials locally without a clear warning that this is persistent secret storage. Persisting exchange API keys in a general file can lead to later leakage through file reads, backups, syncing, logs, or accidental commits, and is especially risky in a financial skill handling live account credentials.

VirusTotal

65/65 vendors flagged this skill as clean.
