Cross-exchange trading platform

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed crypto trading skill, but it needs review because it can affect live funds and its shell helper uses unsafe command construction without confirmation safeguards.

Install only if you intentionally want an agent or shell helper to access a live Gate CrossEx account. Use a new least-privilege API key, disable withdrawals, restrict by IP where possible, keep limited funds available, and require manual confirmation for trades or transfers. Avoid using gate_crossex.sh until eval is removed and inputs are validated.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Low
Confidence: 71%
Finding
The skill is designed for real trading and explicitly relies on long-lived API credentials stored in predictable local paths or environment variables, while also encouraging automated use. In a network-enabled trading skill, this increases the blast radius of any host compromise, accidental disclosure, prompt-induced misuse, or unsafe logging because those credentials can authorize live account actions.

Missing User Warnings

Medium
Confidence: 90%
Finding
The README advertises sensitive account actions such as transfers and order management without clearly warning that these operations can move funds, open/close positions, or otherwise affect a live exchange account. In a skill that requires credentials and network access for real trading APIs, this omission increases the risk that users invoke high-impact functions without understanding the consequences.

Missing User Warnings

Medium
Confidence: 88%
Finding
The script performs authenticated requests that expose account data and can move funds, but it provides no explicit confirmation, warning, or safety interlock before those sensitive actions. In a credentialed, network-enabled skill, this increases the chance of accidental disclosure of financial data or unintended transfers, especially when called by higher-level automation.

VirusTotal

63/63 vendors flagged this skill as clean.
