Hype Scanner

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a disclosed market-hype alert scanner, but its code also adds under-documented trading-account updates, containing equity and positions, to the same Telegram alert flow.

Review before installing. Use it only if you are comfortable with unattended scheduled scans, Telegram delivery, and possible inclusion of trading-account details such as equity and positions. Do not connect brokerage credentials or add the missing trading-monitor component unless its behavior is reviewed and the trading-alert feature is explicitly intended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

High, 97% confidence
Finding:
The skill is presented as a hype scanner, but it also imports a trading monitor and writes brokerage/trading account updates into the same alerts output. This creates hidden scope expansion into sensitive financial-account monitoring, which can expose portfolio status and position data to downstream consumers that only expected market-hype signals.

Context-Inappropriate Capability

High, 95% confidence
Finding:
The code includes brokerage/trading status inspection capability unrelated to the stated purpose of hype detection. In a security review, undeclared access to financial-account state is risky because it broadens data access and may leak sensitive account information or enable unexpected workflows around live trading operations.

Intent-Code Divergence

Medium, 84% confidence
Finding:
The header comment claims that only validated hype signals become alerts, but the implementation also emits non-hype trading updates. This mismatch is dangerous because operators or downstream automations may trust the alerts channel as containing only one class of data, causing unintended disclosure or misrouting of sensitive trading information.

Missing User Warnings

Medium, 84% confidence
Finding:
The skill prescribes autonomous Telegram transmission of alert data without an explicit user-facing warning or consent boundary. In an agent environment, silent outbound messaging can leak potentially sensitive market interests, watchlists, or derived signals to external services, especially when combined with scheduled unattended execution.

Missing User Warnings

Medium, 80% confidence
Finding:
The document emphasizes autonomous, silent 24/7 operation while instructing scheduled background execution and persistent writes to `alerts.json`, `scanner-state.json`, and logs. In agent deployments, undisclosed continuous background activity can create privacy, resource-consumption, and forensic-risk issues because users may not realize the skill is running repeatedly and accumulating local data.

VirusTotal

66/66 vendors flagged this skill as clean.
