ClawHub

Minimax Crypto Trading

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only crypto trading analysis skill with no code or credential access, but it can produce actionable trade parameters that users should treat cautiously.

Install only if you intentionally want crypto trading analysis. Do not connect it to exchange, wallet, or automation tools without separate review and explicit controls. Verify market data independently, size risk yourself, and prefer invoking the skill explicitly instead of letting broad crypto terms trigger it automatically.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger terms are broad, generic market-discussion words such as 'crypto', 'trading', and asset tickers, which can cause this skill to activate in ordinary informational conversations rather than only when a user explicitly wants trading actions. In this skill's context, that is risky because the agent is designed to output concrete trade/no-trade decisions and parameters, so accidental invocation can expose users to unrequested financial guidance.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill produces actionable trading outputs including direction, entry, stop loss, take-profit targets, and expected R, but it does not prominently warn users that these are financially consequential recommendations. In a financial-trading skill, the absence of a clear warning and limitation statement materially increases the chance that users will treat generated outputs as suitable-to-execute advice without understanding risk, uncertainty, or suitability concerns.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal