ClawHub

IBKR Trading

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real IBKR trading automation skill, but it gives automation high-impact trading authority without enough safety controls.

Review before installing. Use an IBKR paper account first, protect or avoid the plaintext .env credential file, verify the IBKR gateway download and Python dependencies, disable cron keepalive unless you need it, and remove automatic order confirmation or add explicit human approval, account limits, symbol allowlists, and maximum order-size controls before connecting this to a live brokerage account.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Tainted flow: 'BASE_URL' from os.getenv (line 18, credential/environment) → requests.get (network output)

Critical
Category
Data Flow
Content
def check_auth_status():
    """Check if session is authenticated."""
    try:
        r = requests.get(
            f"{BASE_URL}/v1/api/iserver/auth/status",
            verify=False,
            timeout=10
Confidence
95% confidence
Finding
r = requests.get( f"{BASE_URL}/v1/api/iserver/auth/status", verify=False, timeout=10 )

Tainted flow: 'BASE_URL' from os.getenv (line 18, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
def tickle():
    """Send keepalive ping."""
    try:
        r = requests.post(
            f"{BASE_URL}/v1/api/tickle",
            verify=False,
            timeout=10
Confidence
95% confidence
Finding
r = requests.post( f"{BASE_URL}/v1/api/tickle", verify=False, timeout=10 )

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill includes live order placement examples without a prominent warning that the commands may execute real trades on a funded brokerage account. In this context, omission of that warning is dangerous because users may copy-paste examples assuming they are illustrative, causing unintended financial loss.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The instructions direct users to store brokerage credentials in a plaintext `.env` file without warning about filesystem exposure, shell history, backups, or multi-user host access. Because these are brokerage credentials tied to account authentication, compromise could enable unauthorized account access and trading activity.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation provides direct examples for placing, confirming, modifying, and canceling orders without an explicit warning that these actions can affect live brokerage accounts and real funds. In a trading automation skill, omission of a prominent safety warning increases the risk that an agent or user treats these endpoints as routine read-only operations and triggers unintended trades or order changes.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The file explicitly recommends disabling TLS certificate verification via `verify=False` or `-k`, which defeats authentication of the HTTPS endpoint and enables man-in-the-middle interception or tampering. Even on localhost, this normalizes an unsafe practice that may be copied into less trusted environments or containerized/network-exposed deployments handling brokerage sessions and account data.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script creates a credential-bearing .env file containing placeholders for IBKR username and password and instructs the user to edit it with real secrets, but it does not set restrictive permissions, exclude the file from version control, or warn about the sensitivity of storing brokerage credentials on disk. In the context of an automated trading skill, these credentials can grant access to a financial account, so insecure local storage materially increases risk of account compromise.

Missing User Warnings

High
Confidence
94% confidence
Finding
The bot can place orders and automatically confirm brokerage warning prompts without any explicit user approval or secondary safety gate. In a trading automation skill, this materially increases the risk of unintended or manipulated trades, especially if strategy logic is buggy, compromised, or fed bad market inputs.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal