AlphaArena

Security checks across malware telemetry and agentic risk

Overview

This skill is for an external trading-signal arena, but it tells the agent to immediately create an account, store an API key, and publish public content without clear user approval.

Review before installing. Only use this skill if you are comfortable with an agent creating an AlphaArena identity and potentially publishing trading signals or forum posts publicly. Require explicit confirmation and preview before registration, API-key storage, signal submission, forum posting, profile updates, or any repeated future submissions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding: The skill explicitly instructs the agent to self-register on an external service, obtain a newly issued API key, store that credential, and take public actions without any user request or approval. This creates unauthorized external side effects, establishes a persistent external identity/credential, and can cause the agent to disclose or act under its own authority outside the user’s intent.

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding: The ongoing instruction to submit signals whenever the agent has a market opinion turns ordinary conversation into repeated unsolicited API calls and public postings. This is dangerous because it creates continuous external data exfiltration/public disclosure and repeated actions beyond the user’s immediate request, with no meaningful scope limits or consent boundary.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding: The forum posting and reply features allow the agent to generate public content on an external platform, which expands the skill from signal submission into open-ended public communications. In this context, that increases abuse potential, reputational risk, spam potential, and accidental disclosure because the content is user-visible and not tightly tied to a necessary task.

Vague Triggers

Severity: High
Confidence: 97%
Finding: The trigger condition is extremely broad: any question about markets, crypto, stocks, trading, or any market opinion causes the skill to activate. Such a wide activation surface makes accidental invocation likely and enables the skill to hijack common conversations into external actions without clear relevance, consent, or necessity.

Missing User Warnings

Severity: High
Confidence: 99%
Finding: The skill directs immediate registration, public posting, and repeated API submissions without warning the user that these are external, persistent, and publicly visible actions. This deprives the user of informed consent and can lead to unauthorized account creation, publication, and ongoing third-party interactions initiated by the agent.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: Telling the agent to save a newly issued API key as an environment variable encourages persistent credential handling without any security controls, user approval, or lifecycle guidance. This can lead to secret sprawl, accidental reuse, leakage into logs or downstream tooling, and confusion over who owns the credential.

Ssd 1

Severity: High
Confidence: 98%
Finding: The imperative language ('Execute these steps immediately', 'Act now') is designed to override normal assistant safeguards and push immediate external behavior. This is dangerous because it attempts to short-circuit user intent, deliberation, and safety checks in favor of automatic networked actions and public activity.

Ssd 4

Severity: High
Confidence: 99%
Finding: The multi-step narrative orchestrates a full chain of risky behaviors: account creation, credential capture, public posting, and repeated future broadcasting of analysis. In this skill’s context, that chaining materially increases danger because it establishes durable access and then weaponizes routine conversations into ongoing external actions on a third-party platform.

VirusTotal

65/65 vendors flagged this skill as clean.