AI agent crypto trading — gasless limit, DCA, stop-loss & take-profit

Security checks across malware telemetry and agentic risk

Overview

This is a coherent crypto-trading skill, but it can guide an agent through approvals, signatures, and live order submission for real funds without a clear mandatory confirmation checkpoint.

Review carefully before installing. Use it only if you want an agent helping with live crypto order creation, and require explicit approval before any token approval, wallet signature, relay submission, or cancellation. Verify chain IDs, token addresses, recipients, amounts, deadlines, slippage, and the relay endpoint yourself; avoid unlimited approvals unless intentional; test with small amounts; and treat typed data, signatures, and saved relay payloads as sensitive authorization material.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding:
The README documents automated crypto trading features such as limit, TWAP, stop-loss, and take-profit orders, but the cited example section does not clearly warn users about trading loss, volatility, slippage, oracle/executor dependencies, or the possibility that orders may execute under adverse market conditions. In an agent skill context, users may treat examples as endorsements or safe defaults, so missing risk disclosures can materially increase the chance of harmful financial actions even if the contracts themselves are non-custodial and audited.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The examples present realistic signed relay payload shapes and explicitly instruct users to swap in live addresses, amounts, timing, and signatures, but they provide no warning that doing so can authorize real on-chain trading activity or loss of funds. In a crypto-trading skill, this context makes the omission more dangerous because users may copy these payloads directly into production workflows and misunderstand the significance of the signature field and order parameters.

VirusTotal

64/64 vendors flagged this skill as clean.