EchoSync

Security checks across malware telemetry and agentic risk

Overview

EchoSync appears purpose-aligned, but it can place live trades and change copy-trading settings without clear confirmation safeguards.

Install only if you intend to let this skill access EchoSync and submit Hyperliquid trading and copy-trading actions. Use it on a trusted machine, check that endpoint environment variables are not tampered with, avoid sharing token output or verbose logs, and require your own explicit confirmation before any order, cancel, leverage, wallet, or copy-trade change.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Vague Triggers

Medium (84% confidence)

The skill uses broad natural-language trigger phrases such as "buy," "sell," "long," "short," and "toggle," which can match ordinary conversation and accidentally invoke trading or configuration-changing actions. In a trading skill, unintended execution is materially risky because misclassification can lead to real financial transactions rather than harmless chat responses.

Missing User Warnings

High (95% confidence)

The skill enables order placement, cancellation, leverage changes, and copy-trading actions without requiring explicit pre-trade warnings, confirmations, or a recap of key parameters. Because these operations can directly affect live funds and positions, the absence of confirmation and risk warnings significantly increases the chance of accidental or misunderstood destructive actions.

Missing User Warnings

Medium (89% confidence)

Verbose mode logs full request URLs, query parameters, and request bodies for authenticated API calls. In this trading/OAuth context, those payloads can contain wallet addresses, order details, copy-trade settings, and other sensitive account activity that may be captured in shell history, CI logs, terminals, or support transcripts.

Missing User Warnings

Medium (92% confidence)

The token command emits the raw OAuth access token directly to stdout with no warning or confirmation. In practice, this makes accidental credential disclosure likely via terminal scrollback, shell history, process capture, logging wrappers, or misuse in scripts, and the token could then be used to act on the user's account.

VirusTotal

66/66 vendors flagged this skill as clean.
