ClawHub

Crypto Market Monitor

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate crypto market monitor, but its manual setup instructions can overwrite local app data and its hard-coded paths may cause reliability or local import risks.

Install only into a dedicated crypto workspace, back up any existing ~/.openclaw/workspace/crypto data first, avoid the manual echo/rm reset commands unless you intentionally want to clear saved economic data, and add the cron jobs only if you want recurring background monitoring. Review or fix the hard-coded /root/.openclaw paths before relying on custom install locations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill documentation instructs users to run Python scripts that read and write local files and perform network-based market monitoring, yet the skill declares no permissions. This creates a transparency and trust problem: users and any permission-enforcement system are not clearly informed that the skill can access the filesystem and external services, increasing the risk of unexpected data exposure or unauthorized actions in the workspace.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The script prepends a hard-coded absolute path under /root/.openclaw/workspace to sys.path and then imports modules from there. This creates a trust boundary violation: code execution depends on whatever Python files exist at that external location, allowing unintended or tampered local modules to run with the script's privileges.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The install instructions copy all skill files into the user's crypto workspace with `cp -r` and do not warn about overwriting or merging with existing files. This can destroy user data, replace trusted local scripts, or silently alter an existing workspace in a way that changes future behavior.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The command `echo '{}' > ~/.openclaw/workspace/crypto/data/actual_data.json` unconditionally truncates and replaces the file contents. If the file already contains collected data or configuration, this instruction causes irreversible data loss.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation includes a destructive deletion command (`rm data/actual_data.json`) as the direct answer to a user question, without warning, confirmation guidance, or safer alternatives. Even though it targets an application data file rather than arbitrary system paths, users may copy-paste it blindly, causing irreversible loss of stored economic update history.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal