ClawHub

Cross-Chain Arbitrage CN | 跨链套利

Security checks across malware telemetry and agentic risk

Overview

This skill is not shown to be malicious, but it needs review because it can direct real cross-chain crypto trades and bridging without a clear default spending cap.

Install only if you intend to connect a wallet for live DeFi activity. Use scan-only mode first, set an explicit maximum trade amount, verify the exact package/source you are installing, and require manual wallet review/signing for every transaction.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README advertises optional execution of cross-chain arbitrage but does not clearly warn that this may trigger live on-chain transactions, move real funds, incur gas/bridge/slippage costs, and cause irreversible losses. In an agent-skill context, users may rely on the README to understand operational risk, so missing safety framing increases the chance of unintended real-money actions.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The example prompt explicitly encourages the agent to execute profitable arbitrage without any accompanying warning about live trading, wallet use, transaction finality, or financial risk. Because examples are likely to be copied verbatim, this can directly nudge users into enabling autonomous fund-moving behavior without informed consent or adequate safeguards.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger list includes broad phrases like "Profit from price differences," which can match generic finance or market-analysis requests and invoke a high-risk trading skill unexpectedly. In this context, accidental activation is more dangerous because the skill can progress from scanning into transaction-oriented workflows involving cross-chain execution and capital movement.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal