ClawHub
Back to skill

Security audit

pionex-trade

Security checks across malware telemetry and agentic risk

Overview

This is a clearly disclosed Pionex trading helper that can place or cancel real spot orders, so it is acceptable but financially sensitive.

Install only if you trust the Pionex CLI package and are comfortable giving an agent access to trading-capable API keys. Use least-privilege keys, enable IP whitelisting where possible, keep dry-run and manual confirmation for live trades or cancellations, and revoke keys when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

55/55 vendors flagged this skill as clean.

View on VirusTotal