ClawHub

Whale Radar — Orion

Security checks across malware telemetry and agentic risk

Overview

This is a text-only crypto whale-alert skill with a disclosed paid upgrade path and no evidence of hidden system access or automatic paid actions.

Install only if you want informational crypto market-signal prompts. Confirm any Orion ACP paid call, offering name, price, and expected output before proceeding, and do not rely on whale classifications alone for trading decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The skill advertises very broad trigger phrases like "whale alert?" and "any whale activity?", which are common conversational queries and can cause accidental invocation outside a clearly consented security or trading context. Because the skill funnels users toward a paid external ACP service, unintended activation increases the risk of unsolicited promotional behavior and mistaken reliance on financial-signaling output.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal