ClawHub

Trading Briefing

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed trading-status briefing skill that can reveal sensitive local trading and system information but does not show hidden trading, exfiltration, or destructive behavior.

Install only where the agent is allowed to read and display local trading status, positions, PnL, recent trade snippets, process status, disk usage, and memory usage. Avoid casual trigger phrases in shared chats, and use --save only if you are comfortable leaving a report with sensitive trading details on disk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill advertises a simple briefing function, but static analysis indicates shell execution and file-write capabilities without any declared permissions. In an agent environment, undeclared privileged behaviors reduce transparency and can let the skill access local state or persist data in ways the user did not meaningfully authorize.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented behavior understates what the skill actually does: it reads local logs/state files, checks system resources and processes, expands market coverage beyond the stated assets, and can save a report to disk. This mismatch is dangerous because users may invoke a seemingly harmless market briefing while the skill also inspects local trading infrastructure and writes artifacts, increasing the risk of unintended data exposure or overbroad access.

Vague Triggers

Medium
Confidence
82% confidence
Finding
Broad trigger phrases like '简报', '系统状态', or '今天市场怎么样' can accidentally invoke the skill during ordinary conversation. In this context, accidental activation is more dangerous because the skill appears to touch live trading state, local logs, system health, and reused credentials, so unintended execution may disclose sensitive operational information.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill states that it reuses API keys from a live trading configuration but does not warn the user in the description. Reusing production credentials in a briefing skill materially raises the stakes of accidental invocation or misuse, because even read-oriented code may expose keys, query privileged account data, or be expanded later into trading actions under production authority.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal