Orynela Trading

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed sandbox trading API guide with a small adapter, and I found no hidden execution, real-money trading, persistence, or exfiltration behavior.

Use only sandbox-scoped Orynela credentials, and store them in a secret manager or environment variables. Do not commit or paste bridge tokens, API secrets, webhook secrets, or session cookies into prompts or repositories. Verify that ORYNELA_API_BASE points to the intended Orynela endpoint before running the adapter.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill documents use of environment variables and outbound network access but does not declare corresponding permissions. This creates a transparency and governance gap: a host system may expose secrets or permit external requests without users realizing the skill needs them. In a trading-themed skill, this matters more because users may supply API keys and the skill is designed to communicate with a third-party service.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation explicitly shows that self-registration returns `api_key`, `api_secret`, and `webhook_secret`, but it does not warn readers that these are sensitive credentials requiring secure storage, limited exposure, and rotation. In an agent-integration context, users may log, paste, or embed these secrets into prompts or code repositories, which could enable unauthorized signal submission or webhook forgery within the sandbox environment.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The reference shows use of a `Bearer <SHARED_BRIDGE_TOKEN>` for agent self-registration without any warning that the token is highly sensitive or that 'shared' credentials increase misuse risk. Because this skill is for a real-time agent bridge, exposing or casually handling a shared registration token could allow unauthorized registrations or abuse of the bridge API across multiple agents in the sandbox.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Heartbeat (keep your bot alive)
curl -X POST https://orynela.ai/api/sandbox/heartbeat \
  -H "Authorization: Bearer $ORYNELA_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"status":"online","latency_ms":85,"version":"0.1.0"}'
```
Confidence
91% confidence
Finding
curl -X POST https://orynela.ai/api/sandbox/heartbeat \ -H "Authorization: Bearer $ORYNELA_API_KEY" \ -H "Content-Type: application/json" \ -d '{"status":"online","latency_ms":85,"version":"0.1.

VirusTotal

65/65 vendors flagged this skill as clean.
