Openclaw Trading Suite

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed trading-automation scaffold; its financial and logging risks are real but aligned with its stated purpose.

Use this only if you intentionally want a trading automation scaffold. Keep it in paper mode by default, configure live broker credentials only after review, avoid free-agent live mode without hard exposure limits and manual kill switches, and decide how long local databases, reports, and raw snapshots should be kept or deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Vague Triggers

Medium
Confidence: 79%
Finding
The invocation guidance is broad enough that the skill may be selected for generic trading-related requests, which can cause an autonomous agent to apply high-risk financial workflows in contexts where the user did not clearly request end-to-end trading behavior. In a trading skill, overbroad activation is more dangerous because it can lead to unsolicited strategy generation, execution planning, or data logging in a sensitive financial domain.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill states that all decisions, signals, fills, outcomes, and model versions are retained, but it does not present a clear user-facing notice about retention scope, purpose, access, or deletion controls. In a financial context, persistent storage of trading activity and model history can expose sensitive behavioral, account, and strategy data, increasing privacy, compliance, and breach risks.

Missing User Warnings

Medium
Confidence: 94%
Finding
The workflow explicitly logs research, signals, orders, fills, and P&L to persistent storage without surfacing consent, retention limits, or handling safeguards at the point where logging is mandated. Because this is an autonomous trading orchestration skill, the logged records could reveal account behavior, trading preferences, and proprietary strategy performance, making the absence of visible data-handling controls materially risky.

Missing User Warnings

Medium
Confidence: 88%
Finding
The document defines increasingly autonomous trading modes, including full execution autonomy and dynamically defined risk tolerance, without any explicit warning about financial loss, unintended execution, or the need for informed user consent. In a trading context, this omission is dangerous because readers may adopt or expose these modes without understanding the material risk of automated orders and strategy drift.

Missing User Warnings

Medium
Confidence: 88%
Finding
The document defines a persistent storage baseline for trading analysis and RL/ML retraining but includes no retention limits, deletion policy, data minimization guidance, or privacy/security controls. In this context, the schema could lead implementers to store sensitive operational, behavioral, or user-linked data indefinitely, creating compliance, privacy, and breach-amplification risk.

Missing User Warnings

Medium
Confidence: 93%
Finding
The guidance to keep raw snapshots in append-only storage encourages indefinite preservation of potentially sensitive raw event data without any warning or lifecycle controls. Append-only stores are valuable for auditability, but without redaction, retention bounds, or access restrictions, they can accumulate secrets, personal data, or trading-sensitive records that increase exposure if accessed or breached.

Missing User Warnings

Medium
Confidence: 95%
Finding
The document gives concrete instructions for building and deploying live automated trading bots, including APIs, execution venues, sizing logic, and order placement, but does not include meaningful risk disclosures, simulation-first guidance, or safeguards against real-money loss. In a skill context, this can normalize immediate deployment of speculative strategies and expose users to financial harm, especially because the content presents the plans as production-ready and reproducible.

VirusTotal

64/64 vendors flagged this skill as clean.
