Decker AI Trading

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Decker trading integration, but it needs review because it can connect chat commands to financially sensitive order, auto-order, portfolio, and credential workflows without consistently clear risk and mode boundaries.

Install only if you trust Decker as a trading service and understand that chat commands may start trading-related workflows. Start in simulated mode, use limited-scope exchange keys with withdrawals disabled, use dedicated wallets for Hyperliquid or Polymarket, verify whether each action is simulated or live, and regularly review or disable active auto-order rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability
Medium severity, 88% confidence

Documenting direct CRUD operations for stored exchange API keys exposes a highly sensitive administrative surface inside a broadly invocable conversational skill. Even if intended as reference, embedding key-management endpoints in prompt instructions increases the chance of misuse, prompt-induced invocation, or future agent behaviors that manipulate credentials beyond the user's immediate intent.

Vague Triggers
Medium severity, 91% confidence

The trigger list includes very common greetings and generic phrases, making accidental activation likely in unrelated conversations. Over-broad invocation is dangerous here because the skill contains sensitive operational instructions and trading-related actions, so mistaken routing could expose risky behaviors or initiate inappropriate downstream calls.

Vague Triggers
Medium severity, 84% confidence

The guidance emphasizes what the assistant must do after activation, but does not clearly bound when activation should be refused or deferred. In a skill capable of initiating order flows and handling financial context, ambiguous activation increases the risk of incorrect tool selection and unsafe action on loosely related user input.

Vague Triggers
Medium severity, 92% confidence

Using vague greetings and generic help requests as service-introduction triggers causes the skill to capture broad conversational traffic without sufficient relevance checks. Because this prompt includes hidden backend references and transactional procedures, unnecessary activation materially raises the chance of accidental disclosure or unintended trading workflow entry.

Missing User Warnings
Medium severity, 94% confidence

The guide instructs users to enable automatic trading and states the system will place trades every 4 hours when a signal threshold is met, but it does not present a prominent warning about financial risk, strategy error, exchange/account consequences, or how to verify that trading is only simulated versus live. In a trading skill, missing guardrails around automated order placement is dangerous because users may misunderstand the scope, risk, or execution mode and enable behavior with real financial impact.

Vague Triggers
Low severity, 82% confidence

The examples include broad natural-language triggers such as '어떻게 써?' ("how do I use this?"), '뭐 할 수 있어?' ("what can you do?"), and generic action phrases like 'ETH 매도해줘' ("sell ETH for me"), which can increase the chance of unintended invocation or ambiguous routing in chat environments. In a skill that can surface positions, create order requests, or affect automation, accidental triggering is more dangerous than in an informational-only bot.

Vague Triggers
Medium severity, 93% confidence

The greeting-based examples (e.g. '하이' ("hi"), '안녕' ("hello"), '뭐 할 수 있어?' ("what can you do?")) are overly broad and likely to match normal conversation that is not intended to invoke a trading-related skill. In this skill's context, accidental activation is more dangerous than usual because the capability set includes portfolio, orders, auto-order rules, and exchange API key setup, which can steer users into sensitive financial workflows or produce confusing or unwanted actions.

VirusTotal

64/64 vendors flagged this skill as clean.