Crypto Strategy Suite

Security checks across malware telemetry and agentic risk

Overview

This skill is disclosed as a paid crypto trading assistant, but it can automatically bill users and run live automated spot or leveraged futures trading with unclear safeguards.

Review carefully before installing. Use only if you intentionally want paid per-call billing and automated crypto trading. Start on testnet, use a separate low-balance account, create trade-only exchange keys with withdrawals disabled and IP restrictions, set external trading and leverage limits, and confirm you know how to stop the monitoring loop and cancel open orders.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium, 92% confidence
The skill’s documented behavior extends beyond a trading strategy suite into payment processing and billing, including balance checks, charges, and payment-link generation against an external service. This creates a material capability mismatch: users may invoke what appears to be a trading tool while the skill also performs monetization actions with external identifiers and API keys, increasing the risk of undisclosed charges and data flow to third parties.

Context-Inappropriate Capability

Medium, 88% confidence
The skill introduces blockchain-linked payment and external billing functions that are not necessary for executing trading strategies themselves. In a skill that already requests sensitive exchange API credentials, adding unrelated payment operations broadens the trust boundary and increases the chance of confusing users, triggering unexpected payments, or exposing user/account metadata to an external billing provider.

Missing User Warnings

Medium, 94% confidence
The documented flow says the skill automatically charges on each invocation before executing strategy logic, but does not show a clear invocation-time warning or explicit confirmation immediately prior to billing. This is dangerous because users may incur real financial charges simply by running the skill, especially in a high-risk financial context where repeated invocations or automated use could multiply charges quickly.

VirusTotal

65/65 vendors flagged this skill as clean.
