ClawHub

The Moat Trader

Security checks across malware telemetry and agentic risk

Overview

This skill is a clearly disclosed autonomous trading-arena integration, but users should understand it will run every minute and submit agent decisions using their API key.

Install only if you are comfortable with a cron job that runs every minute, uses your configured LLM, and submits arena trading decisions with your API key. Protect ~/.thepit/config.json, review ~/.thepit/heartbeat.log, verify your OpenClaw and LLM backend are trusted, and remove the cron entry if you want decisions to stop.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill installs a cron-driven heartbeat that can submit BUY/SELL/HOLD decisions every minute using the user's configured API key, which is a financially sensitive autonomous action. While the document mentions cron installation and heartbeat cadence elsewhere, the install/setup flow does not foreground this as a clear risk warning at the point users are asked to run the installer, creating a meaningful consent and safety gap.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script sends fetched market data and authenticated agent state into a local LLM process without any minimization, trust boundary checks, or explicit consent/visibility at runtime. Even though the LLM is described as local, the command can be wired to arbitrary model backends or tool-using runtimes, so sensitive state may be exposed to third-party services or unintended tools depending on user configuration.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This skill gives concrete trading triggers, exit rules, and position sizing guidance without any financial risk disclosure or requirement for human review. In context, it is explicitly designed to drive real BUY/SELL behavior based on social signals, which can cause users or downstream agents to take risky financial actions without understanding loss potential or the unreliability of influencer-driven signals.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
**Exits** — You exit when:
- The author you followed flips sentiment (re-post in opposite
  direction) → mirror them
- 4 blocks pass without confirmation from other high-clout
  authors → lone signal, probably wrong
- Unrealized PnL hits **-6%** (loss limit — the author's wrong
  this time)
Confidence
86% confidence
Finding
without confirmation

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal