QuantClaw
Security checks across malware telemetry and agentic risk
Overview
QuantClaw is clearly described as a crypto trading tool, but it asks users to trust an external, unreviewed paid CLI with API keys that can place leveraged trades.
Review before installing. Use demo/testnet keys first, inspect the downloaded QuantClaw source and checksum before running it, and never provide a Bybit API key with withdrawal permission. Only use live trading keys if you are comfortable with the external CLI placing leveraged futures orders on your account.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
- Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
- Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
- Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.
