weather-agent

Security checks across malware telemetry and agentic risk

Overview

This skill is openly an automated weather-market trading tool that can place real-money trades only when the user deliberately runs or enables live trading.

Install only if you intentionally want automated real-money trading. Review the source, run dry-run first, use a dedicated Simmer key with no withdrawal or account-modification permissions, keep a small balance exposed, and leave autostart disabled unless you are prepared for unattended trades every six hours.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill declares no explicit permissions despite clearly requiring environment access, network access, and likely file writes for configuration changes. This creates a transparency and least-privilege problem: users and any hosting platform cannot accurately assess or constrain what the skill can do before installation.

Tp4

High
Category
MCP Tool Poisoning
Confidence
85% confidence
Finding
The stated purpose is narrowly framed as weather-market trading, but the documented behavior also includes portfolio inspection, positions/PnL reporting, and a standalone status utility. That mismatch weakens informed consent and can hide broader account visibility or operational scope from users reviewing only the summary description.

Description-Behavior Mismatch

High
Confidence
94% confidence
Finding
The file’s behavior is materially inconsistent with the declared skill purpose: instead of NOAA/Polymarket weather analysis, it accesses a Simmer trading account and reveals portfolio data. In an agent-skill context, capability mismatch is dangerous because it can induce users or orchestrators to grant credentials and execute code outside the expected trust boundary, enabling unauthorized account access or data exposure.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The script loads and uses SIMMER_API_KEY to access a separate trading platform account that is not justified by the stated weather-market trading functionality. In a skill package, undisclosed credential scope expansion is risky because it can cause users to expose API keys for services they did not intend to connect, and the script can retrieve sensitive financial account information.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
In live mode, the script can place and sell real positions immediately based only on the presence of --live, with no secondary confirmation or interlock. In an agent-skill context, this increases the risk of accidental or induced financial transactions from mis-invocation, prompt misuse, or automation mistakes.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
- Default State: `autostart:false` - Will NOT run automatically
- Autonomous Behavior: Runs every 6 hours when manually enabled
- Financial Risk: Can deploy $30-60/day (max $100/day with quality filter)
- No Per-Trade Review: Trades execute automatically without approval

## Installation & Security
Confidence
90% confidence
Finding
without approval

VirusTotal

65/65 vendors flagged this skill as clean.
