ClawHub
Back to skill

Security audit

Gate Exchange TradFi Query Skill

Security checks across malware telemetry and agentic risk

Overview

This Gate TradFi skill is not clearly dangerous, but it needs review because its README says it is read-only while the skill can place, amend, cancel, modify, and close real trades with write permission.

Install only if you intend to let an agent access Gate TradFi account data and potentially submit or change trades after confirmation. Use the least-privileged Gate authorization possible, avoid granting Tradfi:Write for read-only use, review every symbol/side/size/price before confirming, and treat the README's read-only claim as inaccurate for this version.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger keywords are broad and overlap with ordinary finance language such as 'balance', 'account', 'buy', 'sell', 'close', and 'market'. In an agent-routing system, this can cause the TradFi skill to activate on ambiguous requests and expose account data or initiate a trading workflow in the wrong context, especially because the skill includes write-capable tools.

Vague Triggers

Low
Confidence
78% confidence
Finding
The manifest description says the skill should be used for requests about querying or trading traditional finance assets and mentions triggers like 'MT5 account' and 'TradFi positions', but the wording remains broad enough to match generic account-related requests. That increases the chance of unintended invocation, though the risk is lower than the explicit broad keyword list because this is descriptive metadata rather than the primary routing table.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.