Tradekix

Security checks across malware telemetry and agentic risk

Overview

Tradekix appears to be a legitimate market-data skill, but it needs review because it can automatically create an account, send user identity details, store an API key locally, and run account-changing actions without clear confirmation.

Review before installing. Use it only if you are comfortable sending signup details to Tradekix and storing a local API key. Do not let an agent run signup, upgrade, or revoke unless you explicitly asked for that exact action, and avoid using the documented cat command on the config file because it can reveal the full API key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill clearly instructs the agent to execute shell commands, but the metadata does not declare shell capability or related permissions. This creates a transparency and policy-enforcement gap: systems or reviewers may treat the skill as lower risk than it actually is, increasing the chance of unintended command execution and hidden side effects such as local file access or network-backed script execution.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The script goes beyond passive market-data retrieval and includes account lifecycle actions: signup, paid-plan upgrade, and key revocation. In an agent skill, these side-effecting operations can create accounts, transmit user identity data, or change billing state unexpectedly if invoked without explicit user consent.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The invocation description is very broad and can match common market-related requests, causing the skill to activate in many situations without clear scope boundaries. In this context, overbroad triggering is more dangerous because the skill can execute shell commands, perform automatic signup, and store credentials locally, so accidental invocation may lead to account creation or local state changes the user did not intend.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill directs the agent to automatically sign up for an external service and store an API key in a local config file if no config exists, without warning or obtaining explicit user consent. This can create third-party accounts, transmit user-identifying data, and persist credentials on disk, which is especially risky because the behavior is framed as an automatic setup step rather than an opt-in action.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The documented upgrade command can initiate a paid subscription, but the skill does not present it as a billing-sensitive action requiring explicit confirmation. If invoked by an agent from ambiguous user intent, this could cause unauthorized charges or account changes with real financial consequences.

Missing User Warnings

Low
Confidence
83% confidence
Finding
The revocation command invalidates the stored API key, but the skill does not warn that this may disrupt service and require re-provisioning to restore access. While less severe than signup or upgrade, accidental execution could still cause denial of service for the user or other workflows relying on that credential.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The signup flow sends the user's name and email to a remote service without a clear warning in the help text or an execution-time disclosure. In an agent environment, hidden PII transmission is risky because users may believe they are only querying market data, not registering with a third-party service.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The upgrade and revoke commands perform state-changing POST requests immediately, with no confirmation, dry-run mode, or warning. In an autonomous or semi-autonomous agent context, that can lead to unintended billing changes or loss of access from a mistaken command or prompt injection chain.

VirusTotal

66/66 vendors flagged this skill as clean.
