Security audit

Crypto Signals Automation

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed crypto-trading automation skill, but it asks an agent to handle exchange credentials and set up unattended live trading with limited control boundaries.

Install only if you intentionally want an agent to help build a live crypto-trading bot. Use a sandbox or low-balance subaccount, keep mnemonics and API secrets out of chat and source control, review any generated trading or cron code before use, require manual approval before live orders, and define a clear stop/disable process before enabling automation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 90%
Finding
The skill describes capabilities to write files, make network requests, and invoke shell-related operations, but it does not declare any explicit permissions or constraints. In a secrets-heavy automation context involving API keys, wallet mnemonics, trading execution, cron, and notifications, this lack of permission declaration weakens reviewability and increases the chance of over-privileged or unsafe execution paths.

Missing User Warnings

Medium
Confidence: 88%
Finding
The checklist explicitly asks operators to gather highly sensitive secrets including a RapidAPI key, dYdX mnemonic path, and Telegram bot token, but provides no guidance on secure storage, redaction, least-privilege handling, or avoiding plaintext transmission. In a trading automation context, these credentials can enable account access, trade execution, data misuse, or notification channel takeover if copied into insecure notes, chats, or configs.

VirusTotal

66/66 vendors flagged this skill as clean.
