Trade Singal

Security checks across malware telemetry and agentic risk

Overview

The skill’s finance API purpose is coherent, but its helper script can run unintended local code from a crafted query, so it needs review before installation.

Review carefully before installing. Avoid using this skill with private portfolio details, brokerage information, or sensitive trading plans. Do not run its script on untrusted or attacker-controlled query text until the query encoding is fixed by passing the query as data rather than embedding it into Python source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 88%
Finding
The invocation description is broad enough to trigger this skill for general finance questions, causing unnecessary routing of user prompts and portfolio-related context to an external third-party service. In a finance setting, overscoped activation increases the chance of privacy leakage, overreliance on unverified advice, and unintended use for regulated or high-risk decisions.

Vague Triggers

Medium
Confidence: 86%
Finding
The auto-use examples normalize calling the skill on commonplace finance prompts without requiring consent, disclosure, or suitability checks. This can silently ship sensitive investment interests or holdings-related context to an external API and encourage the agent to provide risky trading guidance in situations where the user only asked for general information.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill markets actionable Buy/Sell/Hold recommendations, entry/exit targets, and stop losses without any visible warning about financial risk, non-advisory status, or uncertainty. In this context, the absence of safety disclaimers and decision boundaries makes harmful reliance more likely, especially when the skill presents precise trading actions with authoritative language.

Missing User Warnings

Medium
Confidence: 95%
Finding
The script sends the full user-supplied query to a third-party endpoint using curl, but there is no indication of notice, consent, or minimization before transmitting potentially sensitive user data. In a trading-signal skill, queries may contain portfolio positions, watchlists, or investment intent, so undisclosed external transmission creates a real privacy and data-handling risk.

VirusTotal

64/64 vendors flagged this skill as clean.
