ClawHub

vibetrading-global-signals

Security checks across malware telemetry and agentic risk

Overview

This skill appears to query a public crypto trading-signal API and print results, without evidence of credential access, local data collection, trade execution, or hidden persistence.

Install only if you are comfortable running npm dependencies and making outbound requests to vibetrading.dev. Treat the returned trading signals as informational, verify them independently, and enable cron or OpenClaw scheduling only when you intentionally want recurring market checks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal