Crypto Funding Harvester

Security checks across malware telemetry and agentic risk

Overview

This skill fetches public crypto funding-rate data on a schedule and writes a local JSON report, with no evidence of credential use, trading, exfiltration, or destructive behavior.

Install only if you want a background task polling public crypto exchange APIs every 15 minutes and updating /tmp/funding_opportunities.json. Review the output path in shared systems, and independently evaluate trading risks such as fees, liquidity, liquidation, exchange risk, and changing funding rates before acting on any opportunity.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 94%
Finding: The skill declares no permissions, but its documented behavior clearly requires network access, environment-variable access, and local file writes. This mismatch is a real security issue because it prevents accurate review and informed consent about what the skill can do, especially its periodic outbound requests and overwrite of a local file under /tmp.

Missing User Warnings

Low
Confidence: 87%
Finding: The skill states that it writes results to /tmp/funding_opportunities.json but does not warn about overwrite behavior, persistence expectations, or possible interference with other local processes using the same path. In context this is not overtly malicious, but undocumented local writes can still cause data clobbering, confusion, or unsafe assumptions in shared environments.

VirusTotal

66/66 vendors flagged this skill as clean.
