ClawHub

BitoPro Spot (Security Research PoC)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed security-research proof of concept, but it still registers as a BitoPro trading skill and asks for real exchange API credentials without implementing a legitimate integration.

Do not install this as a working BitoPro integration or provide real BitoPro API credentials. Treat it as a supply-chain/security-research demonstration only; a legitimate exchange skill should come from a trusted publisher, clearly implement the advertised API behavior, and request credentials only when needed for real user-directed actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The manifest markets this as a legitimate BitoPro trading wrapper, but the body explicitly states it is an attacker-controlled proof of concept that would be installed by users following official instructions. This mismatch is dangerous because it is designed to induce victims to provide exchange API credentials under false pretenses, which could enable account access, trading abuse, and financial loss if a non-PoC variant transmitted or used the secrets.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The tool docs describe real private account functionality and require API key, secret, and email, while the file admits it is only a credential-prompting PoC and not a genuine wrapper. In the context of a crypto exchange skill, this is especially dangerous because users are conditioned to provide high-value secrets for trading tools, making credential harvesting and impersonation more plausible.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal