trading212 Skill

Security checks across malware telemetry and agentic risk

Overview

This Trading212 skill is high impact because it can access brokerage data and place orders, but the artifacts disclose that purpose, default to demo trading, and instruct the agent to require explicit confirmation before execution.

Install only if you intend to connect an agent to your Trading212 account. Keep the default demo mode unless you deliberately want live trading, store API credentials securely, verify every order preview before confirming, and be aware that portfolio snapshots may be written locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Context-Inappropriate Capability

Medium
Confidence: 81%
Finding
The client exposes account transaction history, including deposits, withdrawals, and fees, which is more sensitive financial data than the stated skill description emphasizes. In a trading skill that can already view portfolio data and place orders, expanding access to broader account ledger data increases privacy and data-minimization risk if the agent invokes this method without explicit user need.

Vague Triggers

Medium
Confidence: 88%
Finding
The top-level description is broad enough to match generic portfolio or trade-related requests, which can cause the skill to activate outside a clearly intended Trading212 context. Because this skill can access brokerage data and place orders, overbroad routing materially increases the risk of accidental invocation and unintended financial actions.

Vague Triggers

Low
Confidence: 83%
Finding
Using a generic trigger like "Give me a summary" can cause the skill to activate during ordinary conversation unrelated to brokerage accounts. In this skill's context, accidental activation may expose portfolio data or steer the interaction into financial analysis without clear user intent.

Vague Triggers

Medium
Confidence: 91%
Finding
The phrase "What should I do?" is extremely vague and could trigger trade-proposal functionality from unrelated or emotionally driven prompts. In a skill that generates buy/sell recommendations and supports execution, this ambiguity can escalate ordinary chat into actionable financial guidance without sufficiently explicit intent.

Missing User Warnings

Medium
Confidence: 89%
Finding
The reference states that a snapshot is saved automatically on each summary run, which means invoking a read-like operation causes a local filesystem write as a side effect. In an agent setting, undocumented state changes can violate user expectations, overwrite data, or persist sensitive portfolio information without explicit consent or visibility.

Missing User Warnings

High
Confidence: 95%
Finding
The skill supports real order execution and documents switching between demo and live environments, but the reference does not provide a strong warning that non-demo mode can place real trades with financial consequences. In an autonomous or semi-autonomous agent workflow, this omission materially increases the risk of accidental live trading, loss of funds, and irreversible user harm.

Missing User Warnings

Medium
Confidence: 84%
Finding
The documentation lists API key and secret environment variables but does not warn about secure storage, least-privilege handling, or avoiding disclosure in logs, prompts, and repositories. Because these credentials enable brokerage access, poor handling can lead to account compromise, unauthorized order placement, and exposure of sensitive financial data.

Missing User Warnings

Medium
Confidence: 90%
Finding
This rule engine produces actionable buy and sell proposals, including recommendations to liquidate an entire smallest position under the cash reserve rule, without embedding any safeguard, warning, or confirmation requirement in the proposal output. In a trading skill that may later place orders, these proposals can be surfaced or consumed as authoritative trading guidance and materially affect holdings if downstream components act on them without explicit user acknowledgement.

Missing User Warnings

Medium
Confidence: 95%
Finding
The client provides direct methods to place market and limit orders and cancel orders with no built-in confirmation, approval token, or other safety interlock. In an agent skill context, this is dangerous because any prompt-routing mistake, prompt injection elsewhere in the stack, or flawed automation could trigger irreversible real-money trading actions.

Missing User Warnings

High
Confidence: 97%
Finding
This skill can place live market or limit orders immediately from provided parameters, with no built-in confirmation gate, acknowledgement step, or enforcement of demo-only mode. In an agent setting, that creates a direct path from prompt interpretation or tool misuse to irreversible financial transactions, making accidental or manipulated trades highly plausible.

VirusTotal

64/64 vendors flagged this skill as clean.
