binance-trading

Security checks across malware telemetry and agentic risk

Overview

The skill does what it says, but it hands an agent direct, live Binance trading power without sufficient built-in safeguards or credential warnings.

Install only if you intentionally want an agent to control Binance trading. Use a separate, restricted API key with withdrawals disabled and, in Binance's API management, limit it to the IP addresses the agent runs from; keep the key and secret out of code and config files; start on the testnet or with very small size limits; and require your own explicit confirmation before any order, leverage change, or position close.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The skill explicitly documents live spot and futures trading actions (order placement, leverage changes, position closing) but gives no warning that these operations move real funds, can raise liquidation risk, and close positions irreversibly. In an agent-skill context, exposing destructive financial actions without prominent risk disclosure and confirmation guidance raises the chance of an accidental or unauthorized high-impact trade.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The documentation tells users to configure a Binance API key and secret but does not warn that these credentials carry trading authority and must be protected as sensitive secrets. In practice this leads users to hardcode keys, store them insecurely, or use overprivileged credentials, enabling account takeover or unauthorized trading if they leak.

Missing User Warnings

Severity: High
Confidence: 98%
Finding: The skill exposes direct order placement for spot trading with no user-facing confirmation, preview, policy gate, or secondary authorization step. In an agent context this creates a high-risk path where a mistaken prompt, a prompt injection, or an ambiguous instruction can trigger an irreversible financial transaction on a real Binance account.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The skill silently reads Binance API credentials from environment variables and performs authenticated account actions without disclosing that sensitive credentials and private account data will be used. In an agent setting this can surprise users, expand the blast radius of prompt misuse, and expose balances, positions, and account state through an ordinary tool invocation.
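The safeguards the overview asks for and the confirmation gap the findings describe, as an added example that is not the skill's own code: a Python policy gate an agent would call instead of the raw Binance client. It takes credentials only from an environment mapping (never from literals), defaults to the spot testnet, caps per-order and daily notional, and refuses any order, leverage change or position close the user has not explicitly confirmed after seeing a preview. The caps, the `TradeGate`, `PolicyViolation` and `recording_send` names, and the `send` callback are assumptions of this example; the `/api/v3/order` endpoint, its parameter names and HMAC-SHA256 signing of the query string are those of the public Binance spot API. The demo credentials are constructed values so the block runs offline.

```python
"""Policy gate for an agent-driven Binance trading skill (added example)."""
import hashlib
import hmac
import time
from dataclasses import dataclass, field
from typing import Callable, Mapping
from urllib.parse import urlencode

# Real Binance spot hosts; the gate talks to the testnet unless told otherwise.
TESTNET_URL = "https://testnet.binance.vision"
MAINNET_URL = "https://api.binance.com"

# Fund-moving actions the findings call out; every one needs a confirmation.
GATED_ACTIONS = {"place_order", "set_leverage", "close_position"}


class PolicyViolation(Exception):
    """The gate refused an action; the agent must surface this, not retry."""


@dataclass
class TradeGate:
    env: Mapping[str, str]          # credentials come only from here, never from literals
    live: bool = False              # mainnet requires an explicit opt-in
    max_order_usd: float = 50.0     # assumed caps; tune per account
    max_daily_usd: float = 200.0
    _spent_today: float = field(default=0.0, init=False)
    _confirmed: set = field(default_factory=set, init=False)

    def __post_init__(self) -> None:
        key, secret = self.env.get("BINANCE_API_KEY"), self.env.get("BINANCE_API_SECRET")
        if not key or not secret:
            raise PolicyViolation("BINANCE_API_KEY and BINANCE_API_SECRET must be in the environment")
        self._key, self._secret = key, secret.encode()
        self.base_url = MAINNET_URL if self.live else TESTNET_URL

    def preview(self, action: str, **params) -> str:
        """Text the agent must show the user before asking for approval."""
        return f"[{'LIVE mainnet' if self.live else 'testnet'}] {action} {params}"

    def confirm(self, action_id: str) -> None:
        """Recorded only after the user explicitly approves the preview."""
        self._confirmed.add(action_id)

    def _authorize(self, action: str, action_id: str, notional_usd: float = 0.0) -> None:
        """Common gate for orders, leverage changes and position closes."""
        if action not in GATED_ACTIONS:
            raise PolicyViolation(f"unknown gated action {action!r}")
        if action_id not in self._confirmed:
            raise PolicyViolation(f"{action} {action_id} has no user confirmation")
        if notional_usd > self.max_order_usd:
            raise PolicyViolation(f"notional {notional_usd:.2f} exceeds per-order cap")
        if self._spent_today + notional_usd > self.max_daily_usd:
            raise PolicyViolation("daily notional cap would be exceeded")
        self._confirmed.discard(action_id)  # confirmations are single-use
        self._spent_today += notional_usd

    def sign(self, params: dict) -> str:
        """Binance signs the query string with HMAC-SHA256 of the API secret."""
        query = urlencode(dict(params, timestamp=int(time.time() * 1000)))
        sig = hmac.new(self._secret, query.encode(), hashlib.sha256).hexdigest()
        return f"{query}&signature={sig}"

    def place_order(self, send: Callable, action_id: str, symbol: str, side: str,
                    quantity: float, price: float) -> dict:
        """LIMIT order via POST /api/v3/order, only after _authorize passes."""
        self._authorize("place_order", action_id, quantity * price)
        params = {"symbol": symbol, "side": side, "type": "LIMIT",
                  "timeInForce": "GTC", "quantity": quantity, "price": price}
        return send("POST", f"{self.base_url}/api/v3/order", self.sign(params), self._key)


def recording_send(method: str, url: str, body: str, api_key: str) -> dict:
    """Stand-in for the HTTP call (api_key would go in X-MBX-APIKEY) so this runs offline."""
    return {"method": method, "url": url, "body": body, "api_key": api_key}


def _attempt(results: dict, label: str, call: Callable) -> None:
    try:
        call()
        results[label] = "sent"
    except PolicyViolation:
        results[label] = "blocked"


def demo() -> dict:
    results: dict = {}
    # Constructed credentials for the offline demo; real ones live in the shell env.
    env = {"BINANCE_API_KEY": "demo-key", "BINANCE_API_SECRET": "demo-secret"}
    _attempt(results, "no_credentials", lambda: TradeGate(env={}))
    gate = TradeGate(env=env)
    order = dict(symbol="BTCUSDT", side="BUY", quantity=0.001, price=30000)  # 30 USD notional
    # 1. The agent tries to trade before the user has approved anything.
    _attempt(results, "unconfirmed", lambda: gate.place_order(recording_send, "o1", **order))
    # 2. The user reads the preview and approves; the order goes to the testnet, signed.
    print(gate.preview("place_order", **order))
    gate.confirm("o1")
    sent = gate.place_order(recording_send, "o1", **order)
    results["confirmed"] = "sent" if sent["url"] == f"{TESTNET_URL}/api/v3/order" else "wrong host"
    results["signed"] = "signature=" in sent["body"] and "symbol=BTCUSDT" in sent["body"]
    # 3. The same confirmation cannot be replayed for a second order.
    _attempt(results, "replay", lambda: gate.place_order(recording_send, "o1", **order))
    # 4. A confirmed but oversized order (300 USD) is still refused by the per-order cap.
    gate.confirm("o2")
    _attempt(results, "oversized", lambda: gate.place_order(
        recording_send, "o2", symbol="BTCUSDT", side="BUY", quantity=0.01, price=30000))
    return results
```

Leverage changes and position closes would call the same `_authorize` with their own action names, so no fund-moving endpoint is reachable without a single-use confirmation tied to a previewed action. The key-level restrictions (withdrawals disabled, IP allowlist) are set in Binance's API management, not in code; the gate cannot verify them offline, so they remain the operator's checklist item.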

VirusTotal

0 of 66 vendors flagged this skill; all 66 reported it clean. A clean antivirus result covers the packaged files only and says nothing about the excessive-agency and credential-handling issues reported above.

View on VirusTotal