ClawHub

Binance Meme Rush

Security checks across malware telemetry and agentic risk

Overview

This is a read-only Binance Web3 market-data skill with over-eager run wording, but it does not show hidden local access, credential use, persistence, or destructive behavior.

Install this only if you want an agent to run live Binance Web3 lookups for meme-token and market-topic rankings. Treat the output as third-party market data, not trading advice, and ask the agent not to invoke the scripts when you only want general discussion or documentation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The script's actual behavior conflicts with the skill metadata: instead of querying Pump.fun/Four.meme-style launchpad sources, it fetches Binance 'social-rush' rankings. This kind of capability mismatch is dangerous because it can mislead users and downstream agents into trusting data provenance, market coverage, and semantics that are not what the skill advertises, enabling incorrect trading or analysis decisions.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The inline comments explicitly describe a Binance topic-fetching tool, contradicting the skill's stated meme-launchpad purpose. In an agent ecosystem, misleading documentation increases the risk that reviewers, orchestrators, or users will invoke the skill under false assumptions, causing data integrity and trust failures rather than a direct code-execution issue.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The description is broad enough to trigger this skill during generic market or trending-token discussions, even when the user did not ask for Binance Web3-sourced data or external lookups. Over-broad activation increases the chance of unnecessary tool use and unintended external requests.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The instruction to 'MUST immediately run the script' for any request about meme or trending tokens overrides normal safety and relevance checks and encourages automatic execution on ambiguous prompts. In an agent setting, mandatory execution language is risky because it can force unnecessary shell/script activity without confirming user intent or need.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal