Bytesagain Crypto Tracker Cn

Security checks across malware telemetry and agentic risk

Overview

This mostly works as a crypto market tool, but it also includes under-disclosed local financial logging and persistence that users should review before installing.

Install only if you are comfortable with a shell-based crypto tool that contacts public market-data APIs and stores portfolio, alert, and history data locally. Review scripts/script.sh carefully or avoid using it if you only want crypto price lookup, and treat all trading strategy content as educational rather than financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (12)

Lp3

Medium
Category
MCP Least Privilege
Confidence
82% confidence
Finding
The skill metadata declares no permissions, yet static analysis detected capabilities for environment access, file writing, network use, and shell execution. For a market-tracking skill, undisclosed shell and file-write capability materially expand the attack surface because the skill could fetch and execute arbitrary content, access local data, or persist artifacts without user awareness.

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The declared purpose is cryptocurrency market tracking, but the analyzed behavior reportedly includes personal finance tracking, budgeting, spending history, CSV export, and forecasting. This mismatch is dangerous because users may supply sensitive financial information under false assumptions about the skill’s scope, increasing the risk of unnecessary data collection, retention, and exfiltration.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill metadata presents a market-tracking tool, but this section also persists portfolio holdings to ~/.crypto-tracker/portfolio.json. Storing sensitive financial preference/position data expands the data-handling scope beyond simple market lookup and can expose user holdings to other local users, backups, or unintended collection without clear disclosure.

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The skill is described as tracking and analysis, but it also creates persistent local alert definitions in ~/.crypto-tracker/alerts.json. While less sensitive than a portfolio, this still stores user behavioral/financial intent data without clear notice, creating a privacy and transparency issue.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
This code initializes a local data directory and writes portfolio holdings to disk even though that storage is not clearly justified by the stated purpose. Portfolio holdings are sensitive financial data, so undisclosed local persistence increases privacy risk and may surprise users who expect transient market queries only.

Context-Inappropriate Capability

Medium
Confidence
80% confidence
Finding
This section stores alert definitions locally without clear justification in the stated purpose. Alert thresholds reveal user interests and trading intent, so persistence without disclosure creates a privacy issue even if the data is not highly confidential by itself.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The skill claims to provide cryptocurrency market tracking, but the script actually implements a personal finance and transaction logger. This mismatch is dangerous because users may invoke it expecting read-only market data behavior while it silently records local financial activity, violating user expectations and undermining trust in the skill’s declared purpose.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The inline documentation presents the tool as crypto/financial analysis software, but the available commands are generic budgeting, export, alert, and transaction logging operations. This deceptive documentation increases the chance that users disclose or process sensitive financial information under false assumptions about the tool’s function.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script writes portfolio and alert data to local files but does not warn users in help text or comments before doing so. Lack of disclosure undermines informed consent and can lead users to expose sensitive financial data unintentionally on shared or managed systems.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script logs user activity and transaction-related inputs to files under the local data directory without any warning, consent flow, retention policy, or access control discussion. Because the data concerns personal financial activity, silent persistence can expose sensitive information to other local processes, backups, or shared-user environments.

External Transmission

Medium
Category
Data Exfiltration
Content
coins = list(set(p["coin"].lower() for p in portfolio))
ids = ",".join(coins)
try:
    url = "https://api.coingecko.com/api/v3/simple/price?ids={}&vs_currencies=usd".format(ids)
    data = json.loads(urlopen(url).read().decode())
except:
    data = {}
Confidence
83% confidence
Finding
https://api.coingecko.com/

External Transmission

Medium
Category
Data Exfiltration
Content
coins = list(set(a["coin"].lower() for a in alerts))
ids = ",".join(coins)
try:
    url = "https://api.coingecko.com/api/v3/simple/price?ids={}&vs_currencies=usd".format(ids)
    data = json.loads(urlopen(url).read().decode())
except:
    print("API error")
Confidence
76% confidence
Finding
https://api.coingecko.com/

VirusTotal

64/64 vendors flagged this skill as clean.
