Quant Trading Api

Security checks across malware telemetry and agentic risk

Overview

This skill presents itself as a live professional trading integration, but the included code is mostly a simulator, and the documentation does not clearly warn users about the financial or credential-handling risks of wiring it to a real account.

Treat it as a mock trading prototype unless the publisher clearly documents otherwise. Do not enter real brokerage credentials, and do not rely on its quotes, balances, positions, or order results for real trading. Install it only in an isolated Python environment, and before using it with real accounts look for a clear live/paper mode separation, secure credential guidance, an explicit confirmation step, and order-risk limits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding:
The skill documents code that opens network connections and very likely handles broker credentials, yet it declares no permissions for either capability. In an agent environment, undeclared network and environment access hides what the skill can do from administrators and users and can bypass the expectations they set for it.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 82%
Finding:
The skill claims real broker integration, but the documentation appears inconsistent about supported services and may present simulated or placeholder interfaces as if they were live trading functions. In a trading context, this mismatch can mislead users into trusting unsupported execution paths or automation behavior, increasing the risk of unintended financial actions or unsafe deployment assumptions.

Description-Behavior Mismatch

Severity: High
Confidence: 95%
Finding:
The skill advertises professional broker integration and automated trading, but the implementation is only a local simulator that fabricates authentication, quotes, balances, positions, and fills. In a trading context this is dangerous because users or downstream agents may make financial decisions believing orders are real, leading to false execution assumptions, missed hedges, or unsafe automation around live capital.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The examples show direct buy, sell, scheduling, stop-loss, and strategy execution flows without an explicit warning that they may trigger real financial transactions. In a brokerage-integration skill, omitting such warnings is dangerous because users may run example code against a live account and cause irreversible trades or losses.

Missing User Warnings

Severity: High
Confidence: 90%
Finding:
The API exposes direct buy/sell order placement with no confirmation step, trading limits, risk acknowledgment, or policy gate. In an automated trading skill, this increases the chance of accidental or unauthorized order submission by users, higher-level agents, or prompt-induced workflows, which can cause immediate financial loss.
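The two findings above (simulated fills presented as real, and an order path with no gate) point at the same missing layer. The following is an added example written for this report, not the skill's own code: a policy gate that a reviewer would want in front of any buy/sell call. It enforces an explicit paper/live mode, an allow-list and per-order and per-session notional caps, a confirmation hook that denies live orders by default, and paper fills that carry a `simulated` flag so a downstream agent cannot mistake them for real executions. The `place_order(symbol, side, qty, price)` signature, the `paper_submit` adapter, the symbols and the limit values are all assumptions; the skill's real interface is not shown on this page.

```python
"""Order-risk gate for a trading skill (illustrative, not the skill's code)."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List


class Mode(Enum):
    PAPER = "paper"   # simulator only; nothing reaches a broker
    LIVE = "live"     # real account; every order needs confirmation


@dataclass(frozen=True)
class RiskLimits:
    # Assumed values for the example; a real deployment sets these per account.
    max_order_notional: float = 10_000.0   # per-order cap, account currency
    max_daily_notional: float = 50_000.0   # cumulative cap for the session
    allowed_symbols: frozenset = frozenset({"AAPL", "MSFT", "SPY"})


class OrderRejected(Exception):
    """Raised when an order fails a policy check; nothing is submitted."""


def paper_submit(symbol: str, side: str, qty: int, price: float) -> Dict:
    # Constructed simulator fill. The 'simulated' flag is the point: it lets
    # every consumer tell a paper fill from a real execution.
    return {"simulated": True, "symbol": symbol, "side": side,
            "filled_qty": qty, "fill_price": price, "status": "filled"}


@dataclass
class OrderGate:
    mode: Mode
    submit: Callable[[str, str, int, float], Dict]   # broker adapter (assumed signature)
    limits: RiskLimits = field(default_factory=RiskLimits)
    confirm: Callable[[str], bool] = lambda summary: False  # deny LIVE unless overridden
    daily_notional: float = 0.0
    audit: List[str] = field(default_factory=list)

    def place_order(self, symbol: str, side: str, qty: int, price: float) -> Dict:
        if side not in ("buy", "sell"):
            raise OrderRejected(f"unknown side {side!r}")
        if qty <= 0 or price <= 0:
            raise OrderRejected("quantity and price must be positive")
        if symbol not in self.limits.allowed_symbols:
            raise OrderRejected(f"{symbol} is not on the allow-list")
        notional = qty * price
        if notional > self.limits.max_order_notional:
            raise OrderRejected(f"notional {notional:.2f} exceeds per-order cap")
        if self.daily_notional + notional > self.limits.max_daily_notional:
            raise OrderRejected("session notional cap would be exceeded")
        summary = (f"[{self.mode.value}] {side} {qty} {symbol} @ {price:.2f} "
                   f"(notional {notional:.2f})")
        # Live orders need an explicit acknowledgement; the summary is what the
        # human or policy engine sees before anything is sent.
        if self.mode is Mode.LIVE and not self.confirm(summary):
            raise OrderRejected("live order not confirmed")
        result = self.submit(symbol, side, qty, price)
        if self.mode is Mode.PAPER and not result.get("simulated"):
            # A paper gate wired to a real adapter is a misconfiguration; fail loudly.
            raise OrderRejected("paper mode received a non-simulated fill")
        self.daily_notional += notional
        self.audit.append(summary)
        return result


def is_rejected(gate: OrderGate, symbol: str, side: str, qty: int, price: float) -> bool:
    """True if the gate refuses the order without submitting it."""
    try:
        gate.place_order(symbol, side, qty, price)
        return False
    except OrderRejected:
        return True


def demo() -> Dict[str, bool]:
    """Constructed walk-through of the three behaviours the findings ask for."""
    paper = OrderGate(mode=Mode.PAPER, submit=paper_submit)
    fill = paper.place_order("AAPL", "buy", 10, 150.0)          # 1,500 notional, allowed
    live = OrderGate(mode=Mode.LIVE, submit=paper_submit)       # confirm defaults to deny
    return {
        "paper_fill_simulated": bool(fill["simulated"]),
        "oversized_blocked": is_rejected(paper, "AAPL", "buy", 1_000, 150.0),  # 150,000
        "unconfirmed_live_blocked": is_rejected(live, "SPY", "sell", 1, 400.0),
    }


if __name__ == "__main__":
    print(demo())
```

The default `confirm` hook returning `False` is deliberate: a live gate that is instantiated without an explicit acknowledgement path cannot place anything, which is the failure direction you want when an agent or a prompt-driven workflow reaches the order API unexpectedly.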

VirusTotal

66 of 66 vendors reported this skill as clean. A clean malware verdict covers known-malicious file content only; it says nothing about the design and documentation findings above.