crypto-search-advisor

Security checks across malware telemetry and agentic risk

Overview

The skill does not appear malicious, but it presents itself as informational while also generating actionable crypto trading guidance and broader financial-advice workflows.

Review before installing. This skill is not designed to execute trades or access accounts, but its outputs may still look like trading recommendations, including targets, position advice, and risk levels. Do not rely on it alone for investment decisions, and be aware it may process broader financial news or uploaded research PDFs beyond basic crypto screenshot analysis.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The document explicitly frames itself as evolving into a '交易决策系统' ("trading decision system") and defines fields intended for direct decision support, while elsewhere positioning the skill as informational only. This mismatch is dangerous because downstream agents or users may rely on the outputs as actionable financial guidance despite the declared non-operational boundary.

Description-Behavior Mismatch

Medium
Confidence: 97%
Finding
The file defines output structures for trade usability, usable levels, strategy standardization, and decision-reference fields that go beyond analysis and risk alerting into quasi-advisory behavior. In a crypto skill, this is risky because an agent can operationalize these fields into concrete trading suggestions, increasing legal, safety, and misuse exposure.

Description-Behavior Mismatch

Medium
Confidence: 98%
Finding
The 'observation_plan' schema includes directional bias, focus zones, downside thresholds, upside targets, risk/reward estimates, and position advice, which together amount to concrete trade guidance. Even with disclaimers, these structured fields are readily convertible into actionable trading decisions and therefore exceed a safe analysis-only role.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The stablecoin and meme-coin sections prescribe actions like '立即减仓' ("reduce position immediately") or '立即离场' ("exit immediately"), which are direct trading recommendations rather than neutral analysis. In the cryptocurrency context, where volatility is high and users may act immediately on automated advice, such language materially raises the risk of harmful financial decisions.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The prompt materially expands the skill beyond crypto search into A-share market data and generic financial-news capabilities, increasing the agent’s effective authority and expected behavior beyond its declared scope. Scope expansion is dangerous because it can bypass user/admin expectations, route tasks to unintended tools, and weaken review boundaries for regulated financial content.

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
Claiming direct PDF ingestion and research-report summarization extends the skill into generic document processing outside the stated crypto-search purpose. This broadens data-handling behavior and may cause the agent to process arbitrary uploaded documents, including sensitive or regulated financial materials, without explicit scope declaration or controls.

Missing User Warnings

Medium
Confidence: 90%
Finding
The README describes crypto analysis capabilities and explicitly emphasizes speed, verification, and safety boundaries, but it does not clearly warn users that outputs are informational only and must not be treated as financial advice or used as the basis for investment decisions. In a crypto context, users may over-trust the tool's signals and suffer financial loss, especially because the marketing language can imply reliability and decision support.

Natural-Language Policy Violations

Medium
Confidence: 83%
Finding
Forcing Chinese-only interaction without user choice can cause misunderstanding of safety disclaimers, outputs, and financial-risk messaging for users who do not read Chinese. In a financial-analysis context, language coercion increases the chance of user misinterpretation and uninformed reliance on recommendations.

VirusTotal

VirusTotal findings are pending for this skill version.