Binance DCA Test

Security checks across malware telemetry and agentic risk

Overview

This Binance DCA skill is not clearly malicious, but it can direct an agent toward live crypto purchases and recurring trading without enough safety controls.

Install only if you intentionally want an agent-assisted Binance trading workflow. Before live use, inspect the missing dca.sh implementation, start on Binance testnet, use a restricted spot-trading API key with withdrawals disabled, set explicit spending limits, and require manual confirmation before every real order or recurring schedule.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger language is broad enough to activate on generic investing, accumulation, or recurring-buy requests, which can cause the agent to select a live-trading skill in situations where the user did not explicitly ask to use Binance or place trades. In a financial context, overbroad routing is dangerous because it increases the chance of unintended tool invocation, exposure of exchange-specific workflows, or escalation from planning advice to real order placement.

Missing User Warnings

High
Confidence: 96%
Finding
The documentation includes direct examples for executing live market and limit buys but does not prominently warn that these actions spend real funds and may create irreversible trades on a production exchange. In a trading skill, this omission materially raises the risk of accidental purchases, especially if users or upstream agents treat the examples as safe defaults rather than fund-moving operations.

VirusTotal

66/66 vendors flagged this skill as clean.
