ClawHub

DCA orders — dollar cost average into any token

Security checks across malware telemetry and agentic risk

Overview

This appears to be a crypto trading skill whose documentation may expose broader order-building behavior than its stated DCA scope, so users should review it before installing.

Install only if you understand that the documentation may cover more than DCA orders. Before using it with real funds, verify the supported order types, use demo/test mode first, validate every address, amount, chain, timing, and signature, and require explicit confirmation before any live order is submitted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The README presents the skill as a general advanced-order trading protocol while the skill metadata says it is a DCA-order skill. That mismatch can mislead agents or users into invoking unsupported or higher-risk behaviors, increasing the chance of incorrect order construction or unsafe automation.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
Listing market, limit, stop-loss, take-profit, and delayed-start orders exceeds the declared DCA-only purpose. In an agent setting, documentation is often used as operational truth, so this inconsistency can cause an agent to expose or attempt dangerous financial actions outside the intended permission boundary.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The examples teach non-DCA behaviors such as single-shot limit orders and stop-loss/take-profit flows, which can prime downstream integrators or agents to use the skill beyond its stated mandate. In automated trading contexts, example-driven misuse is materially risky because users may assume example code is safe and supported.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The technical overview exposes a full advanced-order protocol surface rather than a narrow DCA skill. This broadens the apparent attack and usage surface for agent consumers, who may infer access to privileged or risky functions not intended for this package.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The examples file includes limit and stop-loss relay payloads even though the skill is described as DCA-only. In an agent setting, this broadens the effective capability surface and can cause downstream systems or users to submit non-DCA orders they did not intend, especially because the examples are presented as copyable final payloads.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The instruction to 'mix limit, trigger, and delay fields as needed' encourages constructing hybrid order payloads outside the stated DCA scope. This is dangerous because it invites ambiguous or unsupported order semantics in signed transaction payloads, increasing the chance of unintended trading behavior or policy bypass by an agent following the documentation literally.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The README describes advanced trading strategies and execution examples without prominent risk disclosure about loss, slippage, trigger failure, volatility, or automation hazards. While this is not a code exploit, it is a real safety issue for an agent-integrated financial skill because users may over-trust examples and initiate economically harmful actions.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The file presents mock final relay payloads as templates to copy and modify, but does not warn that addresses, amounts, timing, chain IDs, and signatures are transaction-critical values. In a crypto trading skill, omission of such warnings materially increases the risk of users or agents reusing unsafe placeholders or misunderstanding that these examples are close to live order payloads.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal