Freqtrade Deploy

Security checks across malware telemetry and agentic risk

Overview

This trading-bot deployment skill is coherent, but it ships defaults that can expose the bot’s control interface and make live trading with real funds too easy to start.

Review carefully before installing. Use dry-run or paper trading first, set small stake limits, replace all WebUI/API secrets, bind the WebUI to localhost or firewall it, use restricted exchange API keys with withdrawals disabled, and avoid running mutable remote installers without reviewing or pinning the code.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding
The script generates a trading configuration with "dry_run": false and "initial_state": "running", meaning a user can quickly move from installation to immediate live trading with real funds. In the context of a one-click deployment skill, this is dangerous because it removes safety friction and can cause unintended financial loss if the user has added API keys without fully reviewing the strategy or risk settings.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The README explicitly tells users to place exchange API keys into a local configuration file but gives no warning about credential sensitivity, least-privilege permissions, file protection, or avoiding committing the file to version control. In a trading-bot deployment context, these keys can authorize account access and trading actions, so poor handling can lead to account compromise or unauthorized trades if the config is exposed.

Missing User Warnings

Severity: High
Confidence: 95%
Finding
The README instructs users to run `freqtrade trade --config user_data/config.json`, which can initiate live trading, without any warning that this may place real orders or expose users to financial loss. Because this skill is specifically for deploying an automated trading bot, the context makes the omission more dangerous: users may assume it is a harmless setup step when it can immediately affect real assets.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding
The skill instructs users to execute a remotely fetched shell script directly with `bash <(curl ...)`, which gives arbitrary code from a mutable network location immediate execution on the host without review, pinning, or integrity verification. In a deployment skill for trading software, this is especially dangerous because the same environment may later hold exchange credentials and trading access, so a compromised upstream script, MITM, or repository takeover could lead to host compromise and credential theft.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill tells users to place exchange API key and secret into a local JSON config file but provides no guidance on secret handling, file permissions, scope restriction, encryption, or avoiding accidental disclosure. In the context of an automated trading bot, leaked credentials can enable unauthorized trades, fund loss, account takeover of trading capabilities, or abuse of connected exchange services.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The example configuration enables the API server on `0.0.0.0`, which exposes the Freqtrade WebUI/API on all network interfaces. In a trading-bot context this is especially risky because the UI supports viewing balances, manual trade actions, and configuration changes, so weak credentials, port exposure, or internet-facing deployment could lead to account manipulation or sensitive data exposure.

Missing User Warnings

Severity: High
Confidence: 97%
Finding
The script creates a config that is ready for live trading and later instructs the user to start the bot, but it does not provide a prominent safety warning or require explicit acknowledgement before real-money operation. Given this skill's purpose is rapid deployment of a trading bot, the lack of guardrails materially increases the risk of accidental live trading and financial loss.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The generated API server configuration binds to 0.0.0.0 and uses predictable default secrets and credentials such as "changeme" and "freqtrade". This can expose the management interface to the network with trivially guessable authentication, enabling unauthorized control of the trading bot, access to sensitive trading data, or abuse of exchange-connected functionality.

VirusTotal

64/64 vendors flagged this skill as clean.
