ClawHub

Crypto Sniper Oracle

Security checks across malware telemetry and agentic risk

Overview

This skill matches its stated purpose: it fetches public crypto market data, writes local reports/logs, and can optionally send those reports to a user-configured Telegram chat.

Install only if you are comfortable with public Binance API calls, local files under /workspace, and optional Telegram delivery. Keep Telegram disabled unless you want reports sent off-host, store bot tokens carefully rather than in shared dotfiles, and review or remove any cron jobs when you no longer want scheduled monitoring.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The README advertises the skill as "L1 ReadOnly" while elsewhere documenting creation of reports, logs, and cache files under /workspace. This is a security-significant mismatch because users or policy engines may grant trust based on a read-only claim even though the skill persists local state and alters the filesystem.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guide explicitly instructs users to store the Telegram bot token and chat ID in shell startup files, which creates long-lived secret exposure without prominent warnings about leakage via shell history, backups, shared accounts, or accidental publication. While this is common operational guidance, persisting API credentials in plaintext increases the chance of unauthorized message sending and bot misuse if the host or dotfiles are exposed.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The README describes automated report generation and local file output without a prominent warning that ongoing scheduled execution will continuously create logs and reports. In a cron-driven skill, this can lead to silent accumulation of market history and operational traces, which increases privacy and storage risk even if the data is not highly sensitive.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation includes a realistic Telegram bot token format and instructs users to paste secrets into environment variables without an explicit warning to use placeholders only and never commit or log real credentials. This increases the chance of accidental credential exposure in screenshots, shell history, logs, copied configs, or shared docs.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
When Telegram is configured, the script automatically sends generated report content to an external service with no explicit runtime warning, consent gate, or content classification. In environments where symbols, analysis, or derived trading signals are sensitive, this can lead to unintended data disclosure and surprise network egress.

Session Persistence

Medium
Category
Rogue Agent
Content
### **Edit Crontab**

```bash
crontab -e
```

### **Add Jobs**
Confidence
91% confidence
Finding
crontab -e

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal