ClawHub

BTC短线预测

Security checks across malware telemetry and agentic risk

Overview

This BTC prediction skill is review-worthy because its paid billing flow is under-scoped, uses an embedded billing key, and appears unable to preserve a user's paid balance across runs.

Install only after reviewing the payment flow carefully. Do not deposit funds unless the publisher explains how balances are tied to a stable user identity, removes or rotates the embedded API key, documents SkillPay data sharing, and substantiates or tones down the trading-performance claims.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill declares only an environment variable requirement but static analysis indicates both environment and network capabilities, meaning its operational scope is broader than what is transparently declared. In a paid financial-prediction skill, undisclosed network access increases risk because it can transmit user identifiers, billing metadata, or trading-related data to external services without clear user awareness.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The documented purpose is BTC short-term prediction, but the skill also performs billing operations, generates top-up links, contains a hardcoded SkillPay API key, and sends user and charging information to third-party services. This is dangerous because hidden monetization and secret exfiltration behavior break user expectations, while hardcoded credentials can be abused to impersonate the service, misuse billing APIs, or expose sensitive account operations.

Context-Inappropriate Capability

Medium
Confidence
77% confidence
Finding
The skill can generate external payment links even though the advertised purpose is BTC price prediction, which expands the trust boundary into financial redirection. In a skill context, undeclared payment-link generation can be abused for unexpected monetization flows, phishing-like user steering, or collecting funds through a capability users did not reasonably expect from the stated functionality.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill markets high-frequency BTC prediction with strong performance claims and automatic operation but provides no warning about financial risk, losses, or the unreliability of short-term trading signals. In this context, users may overtrust the tool and enable automated or repeated paid usage, increasing the chance of financial harm from both bad trades and recurring charges.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The code sends user_id to an external billing service during charge requests without any visible notice, consent mechanism, or minimization. In a paid skill handling financial operations, undisclosed transmission of identifiers creates privacy and compliance risk and could enable cross-service tracking of users.

Missing User Warnings

Low
Confidence
99% confidence
Finding
A live-looking API key is hardcoded as a fallback in source code, which is a classic secret exposure issue. If the code is leaked, shared, or deployed improperly, attackers can use the credential to invoke billing APIs, generate fraudulent charges or payment links, and potentially abuse the associated account.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal