ClawHub

Decentralized stop-loss orders for DeFi

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only DeFi skill, but its stop-loss listing understates that it can guide broader signed trading orders through an external relay.

Install only if you intend to use Orbs Spot for advanced DeFi orders, not just stop-loss. Before approving or signing, verify the chain, contract, token addresses, recipient, amount, deadline, trigger values, slippage, and relay destination; prefer exact approvals and avoid standing max approvals unless you deliberately want that exposure.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The README presents the skill as a general-purpose advanced DeFi trading protocol, while the declared skill metadata says it is specifically a stop-loss skill. This scope mismatch can mislead an agent or user into invoking capabilities beyond the intended permission boundary, especially in a financial context where broader order execution implies token-spending actions.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
Listing multiple order types contradicts the narrower stop-loss skill description and expands the perceived operational scope of the integration. In an agent setting, ambiguous documentation can cause overbroad trust or unintended financial actions if the agent assumes all documented order types are safely available through this skill.

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The examples and technical overview include limit, TWAP, take-profit, delayed-start, and broader execution semantics beyond a stop-loss-specific skill. In a high-risk DeFi environment, such overinclusive documentation increases the chance of agent misuse, unsafe assumptions about authorization, and accidental exposure to unintended trading flows.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The README directs integrators to hosted endpoints and describes token-spending, on-chain execution surfaces without a prominent warning that transactions may be irreversible and financially risky. In a DeFi agent context, missing risk disclosure makes harmful automation more likely because users may treat endpoint use as routine API interaction rather than value-bearing blockchain execution.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The instructions encourage users to copy transaction-like payloads and replace addresses, amounts, timing, and signatures without any safety warning or validation guidance. In a DeFi context, users may treat these examples as near-ready production payloads, increasing the risk of submitting malformed or dangerous orders, reusing invalid signatures, or directing funds to incorrect addresses.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The file instructs the user to sign EIP-712 order data and submit the resulting signed payload to an external relay, but it does not clearly warn that this transmits an executable signed order off-platform to a third party. In a DeFi trading context, signed orders can be sensitive and may be replayed, submitted unexpectedly, or misunderstood by users if the relay trust boundary and consequences are not made explicit.

External Transmission

Medium
Category
Data Exfiltration
Content
status: "pending",
};

const response = await fetch("https://agents-sink.orbs.network/orders/new", {
  method: "POST",
  headers: { "content-type": "application/json" },
  body: JSON.stringify(relayPayload),
Confidence
87% confidence
Finding
fetch("https://agents-sink.orbs.network/orders/new", { method: "POST"

External Transmission

Medium
Category
Data Exfiltration
Content
'{order: $typed[0].message, signature: $sig, status: "pending"}' \
  > ./relay-payload.json

curl -fsS -X POST 'https://agents-sink.orbs.network/orders/new' \
  -H 'content-type: application/json' \
  --data @./relay-payload.json
```
Confidence
89% confidence
Finding
curl -fsS -X POST 'https://agents-sink.orbs.network/orders/new' \ -H 'content-type: application/json' \ --data @./relay-payload.json ``` 12. Canonical JavaScript submit path with `ethers` plus st

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal