Trends

Security checks across malware telemetry and agentic risk

Overview

The skill is a mostly coherent guide for a crypto trading wallet CLI, but it needs review because it can steer users into high-impact wallet transactions with broad triggers, confirmation bypasses, and an unreviewed global npm tool.

Review this before installing if you plan to use real funds. Use a dedicated low-balance wallet, verify the configured wallet address, avoid wallet init --force unless you are certain it will not replace key material you need, and keep per-transaction confirmations enabled for create, buy, sell, and reward claim actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 93%
Finding
The skill description says to trigger whenever the user mentions "trends" or "trends-skill" commands, which is broad enough to capture unrelated conversations about general trends. Overbroad activation can cause the wrong skill to engage and steer users into blockchain trading or wallet actions they did not request, increasing the chance of unsafe or misleading assistance.

Vague Triggers

Medium
Confidence: 95%
Finding
The package-based trigger treats vague phrases like "trends command" and "trends tool" as sufficient without any disambiguation. This can misroute benign requests into a skill that provides operational crypto/trading guidance, which is especially risky because the skill also supports write actions like create, buy, sell, and reward claim.

Missing User Warnings

Medium
Confidence: 92%
Finding
The documentation explicitly shows a force-overwrite wallet initialization command without an adjacent warning that it will replace existing key material. In a wallet-management context, this can cause irreversible loss of access to funds or accidental destruction of an existing identity if a user runs it without understanding the consequence.

Ssd 2

Medium
Confidence: 96%
Finding
The eval explicitly endorses a confirmation-bypass path for a buy operation by stating that the response should accept 'direct write mode' and execute after only preflight disclosure. In a trading skill, normalizing user-supplied requests to skip confirmation weakens a critical safety control and can lead to unintended or manipulated asset transfers, especially if an attacker socially engineers the phrasing.

VirusTotal

65/65 vendors flagged this skill as clean.
