ClawHub

Crypto Regime Report

Security checks across malware telemetry and agentic risk

Overview

The main crypto report function is coherent, but the bundle includes an under-documented Telegram alert sender that reads local messaging credentials and posts generated alerts externally.

Review before installing if you do not want a skill that can send generated crypto alerts through Telegram. The normal report script uses public market data and writes local cache files, but avoid running scripts/alert_poller.sh unless you intentionally want it to use your Telegram bot token/chat ID and post alerts to your chat.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
70% confidence
Finding
The skill advertises only basic metadata while exposing execution capabilities such as shell use, environment-variable access, and file-writing workflows through documented commands and configuration changes. Undeclared capabilities reduce informed consent and make it easier for a user or platform to invoke code with broader side effects than the description suggests.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The documented purpose is report generation, but the behavior described by analysis includes outbound Telegram messaging, alert polling, and reading user configuration from ~/.openclaw/openclaw.json for credentials. That mismatch is dangerous because it introduces credential access and external data exfiltration/notification behavior that a user would not reasonably expect from a market-report skill.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The script reads local Telegram credentials and forwards the poller's output to an external Telegram chat, which is a capability not justified by the declared purpose of generating crypto regime reports. Even if intended for alerting, this creates an undocumented exfiltration path for locally produced data and secrets-dependent outbound messaging, increasing the risk of data leakage or abuse.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The code accesses secrets from a local OpenClaw configuration file and environment variables to enable outbound Telegram messaging, despite that access not being necessary for simple report generation. Unnecessary secret access expands the trust boundary and allows this script to leverage credentials for external transmission if its output or behavior is ever influenced unexpectedly.

External Transmission

Medium
Category
Data Exfiltration
Content
MESSAGE=$(echo "$OUTPUT" | jq -sRr @uri)
        
        # Send to Telegram
        curl -s -X POST "https://api.telegram.org/bot${BOT_TOKEN}/sendMessage" \
            -d "chat_id=${CHAT_ID}" \
            -d "text=${MESSAGE}" \
            -d "parse_mode=Markdown" \
Confidence
93% confidence
Finding
curl -s -X POST "https://api.telegram.org/bot${BOT_TOKEN}/sendMessage" \ -d "chat_id=${CHAT_ID}" \ -d "text=${MESSAGE}" \ -d "parse_mode=Markdown" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
MESSAGE=$(echo "$OUTPUT" | jq -sRr @uri)
        
        # Send to Telegram
        curl -s -X POST "https://api.telegram.org/bot${BOT_TOKEN}/sendMessage" \
            -d "chat_id=${CHAT_ID}" \
            -d "text=${MESSAGE}" \
            -d "parse_mode=Markdown" \
Confidence
93% confidence
Finding
https://api.telegram.org/

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal