Trading Bot Risk-as-a-Service: Real-Time Portfolio Risk Monitoring for Multi-Exchange Operations

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable trading-risk guide, but it includes under-scoped examples for live exchange access and order cancellation that users should review carefully before using.

Treat this as a Review item, not proven malware. It is a guide rather than an executable installer, but only use it with sandbox or read-only exchange credentials until you explicitly decide to enable trading controls. Verify what data is sent to GreenHelix and webhook endpoints, store signing and exchange secrets in a proper secret manager, and require clear approval, audit logging, and least-privilege keys before allowing any code based on this guide to cancel orders or close positions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Severity: High
Confidence: 95%
Finding: The document makes a security-relevant architectural claim that the risk engine never polls exchanges directly, but later includes code that directly queries exchange APIs and can act on them. This mismatch can mislead operators about trust boundaries, required credentials, failure modes, and the actual blast radius of deploying the skill.

Context-Inappropriate Capability

Severity: High
Confidence: 97%
Finding: The exchange adapter includes `cancel_all_orders()`, giving a supposedly monitoring-oriented service direct trading-control capability. If deployed with exchange credentials that permit order management, bugs, misuse, or compromise of the monitoring component could disrupt live trading across venues.

Intent-Code Divergence

Severity: Medium
Confidence: 83%
Finding: The guide states that the OPEN state cancels orders and may close positions, but the implementation only changes internal state and emits events. In a real incident, operators may falsely assume protective actions are automatic, causing dangerous delays and leaving live positions exposed during severe market moves.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding: The skill references `AGENT_SIGNING_KEY` and discusses private signing keys without sufficient handling guidance, despite the credential being security-sensitive. Users may store, paste, log, or transmit the key insecurely, enabling event forgery or impersonation of the risk agent.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The guide shows webhook registration and outbound alert delivery containing operational trading and risk data, but does not warn about confidentiality, integrity, or endpoint trust. This can lead users to send sensitive portfolio state to third-party endpoints without TLS validation, payload minimization, or secret verification practices.

VirusTotal

65/65 vendors flagged this skill as clean.
