openclaw-funding-arb

Security checks across malware telemetry and agentic risk

Overview

This is a coherent MEXC trading-bot skill, but it can place live leveraged trades using sensitive API keys, with too few built-in safeguards or warnings.

Review carefully before installing or running. Use a no-withdrawal, least-privilege MEXC API key, set explicit MAX_NOTIONAL_USDT or MAX_OPEN_VOL limits, reduce leverage from the default, choose and protect a dedicated STATE_FILE path, and monitor execution. Do not run it on an account or balance you cannot afford to put at risk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 95%
Finding:
The skill clearly instructs use of environment variables, reads and writes a state file, and runs a networked trading bot, yet no permissions are declared. This creates a transparency and governance gap: users and hosting systems cannot accurately assess that the skill can access secrets, place network calls to an exchange, and persist trading state before using it.

Missing User Warnings

Medium
Confidence: 96%
Finding:
The documentation tells users to provide MEXC API credentials but does not warn that these secrets authorize live trading and must be protected like high-impact financial credentials. In this context, mishandling can lead directly to unauthorized trades, account abuse, or leakage through logs, shell history, copied scripts, or shared environments.

Missing User Warnings

Medium
Confidence: 94%
Finding:
The skill describes an automated bot that opens and closes leveraged exchange positions around funding events, but it gives no explicit warning that this is live trading with material financial, execution, and liquidation risk. Because the documented purpose is to run and modify a real arbitrage strategy, omission of risk disclosures makes accidental misuse more likely and increases the chance of users deploying it without safeguards or testing.

Missing User Warnings

Medium
Confidence: 90%
Finding:
This code automatically places leveraged market orders and persists open-position state with no interactive confirmation, dry-run mode, kill switch, or explicit safety interlock at the execution point. In the context of a trading skill, that creates a real operational security and safety risk: accidental invocation, misconfiguration, stale credentials, or hostile orchestration around the skill could trigger real trades and financial loss without an additional guardrail.

VirusTotal

64/64 vendors flagged this skill as clean.
