Storyclaw Alpaca Trading

Security checks across malware telemetry and agentic risk

Overview

This Alpaca trading skill is mostly purpose-aligned, but it includes under-documented strategy scripts that can place or rotate real trades without an enforced confirmation step.

Install only if you are comfortable granting Alpaca trading authority. Use paper-trading credentials by default, avoid running the aggressive or momentum strategy scripts unless you have reviewed them, and require a separate human confirmation before any live order is submitted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The documented purpose is narrower than the detected behavior, while the hidden or undocumented behaviors include aggressive automated trading and momentum rotation strategies capable of placing and managing trades. In a financial-trading skill, undocumented autonomous execution paths are dangerous because they can cause unapproved real-money transactions and materially different risk exposure than the user was told to expect.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The documentation instructs storing per-user Alpaca API keys and secrets in local JSON credential files, which expands the attack surface to local secret storage. If file permissions are weak, backups are exposed, or the host is multi-tenant, these credentials could be stolen and used to access brokerage accounts and place trades or extract account data.

Missing User Warnings

High
Confidence
97% confidence
Finding
The script calculates the maximum affordable share count and immediately executes a live buy via `node trading.js buy` with no confirmation, dry-run gate, or explicit paper-trading restriction. In a trading skill that supports real accounts, this can place a large all-in order from automation or accidental invocation, causing rapid financial loss from mistakes, misuse, or unexpected market conditions.

Missing User Warnings

High
Confidence
95% confidence
Finding
The strategy automatically issues sell orders when P&L thresholds are met, without any user review or confirmation. In a skill capable of real trading, this can trigger unintended liquidation based on brittle output parsing or transient market data, leading to unwanted trades and financial harm.

Missing User Warnings

High
Confidence
96% confidence
Finding
The RSI strategy can place live market buy and sell orders immediately based on calculated signals, with no explicit confirmation, no dry-run default, and no safety gate distinguishing paper from real trading at execution time. In a trading skill, this context makes the issue more dangerous because mistakes, prompt misuse, or accidental invocation can directly cause financial loss in a real brokerage account.

VirusTotal

64/64 vendors flagged this skill as clean.