Alpaca Markets CLI

Security checks across malware telemetry and agentic risk

Overview

The skill is transparent about connecting to Alpaca, but it can let an agent place trades and cancel or close all orders/positions with live brokerage credentials and no built-in confirmation guard.

Install only if you are comfortable giving an agent access to Alpaca credentials. Use paper-trading keys first, leave ALPACA_BASE_URL unset unless you intentionally want live trading, and require manual review before any order placement, order replacement, cancellation, or position-closing command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill declares access to sensitive environment variables and clearly describes network-capable API operations, but the manifest does not present an explicit permission model for those capabilities. This creates a transparency and governance gap: a user or host system may not understand that the skill can read brokerage credentials and send live trading requests, increasing the chance of unintended account access or financial actions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documented operations include placing orders, canceling orders, and closing positions, but the description lacks a strong, explicit warning that these actions can cause immediate financial loss, liquidation, or irreversible account changes if executed against a live account. In a trading skill, omission of that warning materially increases the risk of accidental destructive use, especially because both paper and live environments are discussed.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The reference documents order cancellation and position-closing endpoints that can directly liquidate assets or unwind trading activity, but it provides no warning about financial consequences, account scope, or need for explicit user confirmation. In an agent skill context, this omission is dangerous because an LLM or automation layer may treat these endpoints as routine operations and execute irreversible or costly actions without sufficient friction.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
- **Get Order**: `GET /v2/orders/{order_id}`
- **Replace Order**: `PATCH /v2/orders/{order_id}`
- **Cancel Order**: `DELETE /v2/orders/{order_id}`
- **Cancel All Orders**: `DELETE /v2/orders`
- **Get Positions**: `GET /v2/positions`
- **Close Position**: `DELETE /v2/positions/{symbol}`
- **Close All Positions**: `DELETE /v2/positions`
Confidence
83% confidence
Finding
`DELETE /v2/orders`

Tool Parameter Abuse

High
Category
Tool Misuse
Content
- **Cancel All Orders**: `DELETE /v2/orders`
- **Get Positions**: `GET /v2/positions`
- **Close Position**: `DELETE /v2/positions/{symbol}`
- **Close All Positions**: `DELETE /v2/positions`
- **Get Assets**: `GET /v2/assets`

### Market Data
Confidence
90% confidence
Finding
`DELETE /v2/positions`

VirusTotal

64/64 vendors flagged this skill as clean.
