Kraken CLI

Security checks across malware telemetry and agentic risk

Overview

This Kraken trading skill is mostly purpose-aligned, but it needs Review because its high-impact crypto account access depends on shell configuration that can execute code before safeguards run.

Install only if you trust the publisher and can control the runtime environment. Use least-privilege Kraken API keys, avoid withdrawal permissions unless necessary, keep OPENCLAW_KRAKEN_CONFIG pointed at a trusted file you own, do not store secrets in that file, and review any settings that disable confirmation or change endpoints before using trading or funding commands.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

Medium

Confidence: 97% confidence
Finding: The function sources a shell script from the environment-controlled path OPENCLAW_KRAKEN_CONFIG, which causes arbitrary Bash code in that file to execute in the current process. Because this skill manages Kraken API access and trading-related settings, an attacker who can influence that environment variable or config file can run arbitrary commands, steal secrets, alter endpoints, or disable safety controls before any guarded actions occur.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal