Binance Spot OpenAPI Skill

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Binance Spot API helper, but it can access account data and place or cancel trades if configured with live credentials.

Install only if you intend to let an agent work with Binance Spot APIs. Start on testnet, use API keys with withdrawals disabled and only the permissions needed, keep mainnet and testnet keys separate, require confirmation for every live trade or cancellation, clear exported secrets after use, and revoke keys promptly if exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 93%
Finding
The spec exposes a destructive endpoint that cancels all open orders for a symbol, but its summary and surrounding metadata do not communicate that this action has immediate trading consequences. In an agentic context, omission of confirmation/warning semantics increases the chance that a model or automation invokes the endpoint from an ambiguous user request, causing unintended loss of trading opportunities or strategy disruption.

Missing User Warnings

High
Confidence: 97%
Finding
The live order-placement endpoint enables real asset trades on Binance mainnet, yet the spec does not prominently warn that invoking it can execute real market activity and cause financial loss. Because this skill explicitly targets high-value account and order APIs and includes a mainnet server, an LLM agent could place unintended trades if the user's request is misunderstood or manipulated.

Missing User Warnings

Medium
Confidence: 94%
Finding
The single-order cancellation endpoint performs an irreversible operational action against a live trading order, but the spec does not signal that cancellation may materially affect execution outcomes and trading strategy. In a trading skill with authenticated account access, this missing warning makes accidental or prompt-induced order cancellation more likely.

Missing User Warnings

Medium
Confidence: 92%
Finding
The instructions tell users to export a Binance API key and the full Ed25519 private key directly into shell environment variables, including command substitution that reads PEM contents into the environment. This can expose secrets through shell history, process environments, debugging output, terminal scrollback, and CI/logging contexts, increasing the chance of credential theft and unauthorized trading or account access.

VirusTotal

66/66 vendors flagged this skill as clean.
