ClawHub

KTrendz Lightstick Trading

Security checks across malware telemetry and agentic risk

Overview

This skill matches its stated trading purpose, but it can execute live buy and sell transactions without a built-in confirmation step.

Review before installing. Only use this if you trust K-Trendz with your API key and are comfortable with an agent executing real token trades. Confirm the artist, cost or refund, and slippage before every buy or sell, and remove the saved config file when you no longer need the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The script accepts an API key from either the environment or interactive input and then writes it to a local config file. Persisting credentials is common for CLI tooling, but doing so without a manifest, scope limitation, or clear disclosure increases risk because long-lived secrets remain on disk and may be consumed by other local processes, backups, or accidental sharing.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
This is a true vulnerability because the skill exposes `/ktrendz:buy` and `/ktrendz:sell` as routine commands without an explicit, prominent warning that they trigger real-money financial transactions using user-linked funds or credentials. In the context of an agent skill, users may interpret these as informational or simulated actions, increasing the risk of accidental purchases, unauthorized spending, or socially engineered trade execution.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script performs a real buy operation immediately after fetching a price, with no confirmation prompt, dry-run mode, or clear warning that funds will be spent. In an agent or automation context, this increases the chance of accidental or unauthorized purchases from a single invocation or mis-typed argument.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script performs an irreversible sell operation immediately after fetching a quote, with no confirmation prompt, dry-run mode, or explicit warning that funds/tokens will be liquidated. In a CLI context, this increases the risk of accidental invocation, mistyped artist names, or unsafe automation causing unintended financial loss.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script writes the API key to ~/.config/ktrendz/config.json without clearly warning the user that a sensitive credential will be stored locally. Even with chmod 600, users may unknowingly leave secrets in backups, dotfile sync tools, or shared systems, which can lead to credential exposure.

External Transmission

Medium
Category
Data Exfiltration
Content
echo ""
echo "Executing sale..."

RESPONSE=$(curl -s -X POST "$BASE_URL/sell" \
    -H "Content-Type: application/json" \
    -H "x-bot-api-key: $API_KEY" \
    -d "{\"artist_name\": \"$ARTIST\", \"min_slippage_percent\": $SLIPPAGE}")
Confidence
72% confidence
Finding
curl -s -X POST "$BASE_URL/sell" \ -H "Content-Type: application/json" \ -H "x-bot-api-key: $API_KEY" \ -d

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal