Security audit

Btc Strategy V40

Security checks across malware telemetry and agentic risk

Overview

This skill is an automated leveraged crypto-trading setup with real account-impacting authority and under-disclosed external notifications.

Review this as live trading automation, not just a signal helper. Install only with a limited or test exchange account, enforce manual approval or paper mode before any live order, set independent leverage and notional limits, and remove or reconfigure the Telegram token/chat behavior before running the monitor.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

os.system() or os exec-family call

High
Category
Dangerous Code Execution
Content
if __name__ == "__main__":
    DATA_FILE = os.path.expanduser("~/.okx_data/historical/btc_4h_recent.json")
    os.system('okx market index-candles BTC-USD --bar 4H --limit 100 --history --json > ~/.okx_data/historical/btc_4h_recent.json 2>/dev/null')
    
    strategy = BTC10xStrategyV40(DATA_FILE)
    result = strategy.run()
Confidence
93% confidence
Finding
os.system('okx market index-candles BTC-USD --bar 4H --limit 100 --history --json > ~/.okx_data/historical/btc_4h_recent.json 2>/dev/null')

Context-Inappropriate Capability

High
Confidence
91% confidence
Finding
This use of os.system with shell redirection is materially riskier than the fixed-argv subprocess call: it invokes a shell, resolves the bare name `okx` through whatever PATH the agent happens to run with, discards stderr, and writes into a file under the user's home directory. In an agent skill that may run automatically, undisclosed shell-based fetching and persistence increase the chance of misuse, environment-based hijacking (a PATH entry that shadows `okx`), or unexpected modification of user files.
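The following is an added example, not code from the audited skill: the same data fetch rewritten the way the two findings above suggest, as a fixed-argv subprocess call with no shell, a check that the tool binary lives in an allowed directory, stderr preserved, and an atomic write so a failed fetch cannot leave an empty candle file for the strategy to load. The allowlist directories are assumptions; the offline demo uses the running Python interpreter as a stand-in for the `okx` CLI.

```python
"""Added example (not the audited skill's code): the fetch from the finding above
rewritten as a fixed-argv subprocess call with a tool-location allowlist and an
atomic file write. Directory names are assumptions."""
import os
import shutil
import subprocess
import sys
import tempfile
from pathlib import Path

# Assumed allowlist of directories an external CLI may be executed from.
ALLOWED_TOOL_DIRS = ("/usr/local/bin", "/usr/bin", "/opt/homebrew/bin")


def resolve_tool(name, allowed_dirs=ALLOWED_TOOL_DIRS, path=None):
    """Find `name` (on PATH, or on the explicit `path` string) and refuse it unless
    it lives in an allowed directory. os.system('okx ...') runs whichever 'okx'
    appears first on PATH, which is the environment-based hijack the finding names."""
    found = shutil.which(name, path=path)
    if found is None:
        raise FileNotFoundError(f"{name!r} not found")
    real = Path(found).resolve()
    if real.parent not in {Path(d).resolve() for d in allowed_dirs}:
        raise PermissionError(f"{name!r} resolved to {real}, outside the allowlist")
    return str(real)


def fetch_to_file(argv, out_path, timeout=60):
    """Run a fixed argv with no shell and write its stdout to out_path atomically.
    Unlike `> file 2>/dev/null`, stderr is kept for the error message and a failed
    run never leaves a partial or empty data file for the strategy to load."""
    if (not isinstance(argv, (list, tuple)) or not argv
            or not all(isinstance(a, str) for a in argv)):
        raise ValueError("argv must be a non-empty list of strings")
    out_path = Path(out_path).expanduser()
    out_path.parent.mkdir(parents=True, exist_ok=True)
    proc = subprocess.run(argv, capture_output=True, text=True,
                          timeout=timeout, shell=False)
    if proc.returncode != 0:
        raise RuntimeError(f"{argv[0]} exited {proc.returncode}: {proc.stderr.strip()}")
    fd, tmp = tempfile.mkstemp(dir=out_path.parent, prefix=".tmp-")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(proc.stdout)
        os.replace(tmp, out_path)  # same directory, so the rename is atomic
    except BaseException:
        Path(tmp).unlink(missing_ok=True)
        raise
    return out_path


def demo_offline():
    """Exercises the allowlist and failure paths without the okx CLI: the running
    Python interpreter stands in for the tool (constructed sample, no network)."""
    py = Path(sys.executable).resolve()
    base = Path(tempfile.mkdtemp())
    tool = resolve_tool(py.name, allowed_dirs=[py.parent], path=str(py.parent))
    out = {}
    ok = fetch_to_file([tool, "-c", "import json; print(json.dumps({'ok': 1}))"],
                       base / "data" / "candles.json")
    out["data"] = ok.read_text().strip()
    try:
        resolve_tool(py.name, allowed_dirs=["/nonexistent"], path=str(py.parent))
        out["refused_outside_allowlist"] = False
    except PermissionError:
        out["refused_outside_allowlist"] = True
    try:
        fetch_to_file([tool, "-c", "import sys; print('boom', file=sys.stderr); sys.exit(3)"],
                      base / "data" / "never.json")
        out["failure_left_no_file"] = False
    except RuntimeError as exc:
        out["failure_left_no_file"] = ("boom" in str(exc)
                                       and not (base / "data" / "never.json").exists())
    return out


if __name__ == "__main__":
    print(demo_offline())
    # Intended live use with the audited command; refuses cleanly if okx is absent
    # or installed outside ALLOWED_TOOL_DIRS.
    try:
        argv = [resolve_tool("okx"), "market", "index-candles", "BTC-USD",
                "--bar", "4H", "--limit", "100", "--history", "--json"]
        print(fetch_to_file(argv, "~/.okx_data/historical/btc_4h_recent.json"))
    except (FileNotFoundError, PermissionError, RuntimeError) as exc:
        print("refused:", exc)
```

The allowlist is the part a skill review should insist on: with a bare name and a shell, any writable directory earlier in the agent's PATH can supply the binary that produces the "market data" the strategy then trades on.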

Context-Inappropriate Capability

Low
Confidence
84% confidence
Finding
The script reads a Telegram bot token from disk and uses it to send outbound notifications containing trading activity. In a trading skill, external messaging can be legitimate, but doing so without clear disclosure or opt-in expands data exposure and creates a channel through which sensitive operational information leaves the host.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill promotes automatic leveraged perpetual futures trading but does not present a clear upfront user warning about real financial risk, liquidation risk, or that orders may be placed on a live account. In a trading context, omission of such warnings increases the chance of unintended high-impact actions by users who may not realize the system can initiate leveraged positions.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The order execution and stop-loss sections instruct immediate submission of market and algorithmic orders without any confirmation gate, dry-run mode, or human approval step. In a live perpetual-swap environment, this can directly trigger unintended leveraged trades and automated follow-on orders, causing rapid financial loss if signals, sizing, or market conditions are wrong.
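As an added example (not the skill's own code), the pre-trade gate that the Overview and the finding above ask for: paper mode by default, an explicit approver step before any live submission, and leverage, notional and instrument caps that are enforced in both modes so a sizing bug shows up during paper trading rather than on the account. The order fields, limit values and the approver/submit callbacks are assumptions; the exchange client is not modelled.

```python
"""Added example (not the audited skill's code): a pre-trade gate enforcing
paper mode, explicit approval and independent risk caps. Field names and
limit values are assumptions."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Order:
    inst_id: str               # e.g. "BTC-USD-SWAP"
    side: str                  # "buy" or "sell"
    qty_contracts: float
    contract_value_usd: float  # notional per contract
    leverage: int
    order_type: str            # "market", "limit", "stop", ...

    @property
    def notional_usd(self):
        return self.qty_contracts * self.contract_value_usd


@dataclass(frozen=True)
class Limits:
    max_leverage: int = 3
    max_notional_usd: float = 500.0
    allowed_instruments: tuple = ("BTC-USD-SWAP",)


class OrderGate:
    """mode='paper' journals the intent and never submits; mode='live' submits only
    after approver(order) returns True. Limits are checked in both modes."""

    def __init__(self, limits, mode="paper", approver=None, submit=None):
        if mode not in ("paper", "live"):
            raise ValueError("mode must be 'paper' or 'live'")
        if mode == "live" and (approver is None or submit is None):
            raise ValueError("live mode requires an approver and a submit function")
        self.limits, self.mode = limits, mode
        self.approver, self.submit = approver, submit
        self.journal = []  # (decision, order, reasons)

    def violations(self, order):
        lim, v = self.limits, []
        if order.inst_id not in lim.allowed_instruments:
            v.append(f"instrument {order.inst_id} not allowed")
        if order.leverage > lim.max_leverage:
            v.append(f"leverage {order.leverage}x exceeds cap {lim.max_leverage}x")
        if order.notional_usd > lim.max_notional_usd:
            v.append(f"notional {order.notional_usd:.2f} exceeds cap {lim.max_notional_usd:.2f}")
        if order.qty_contracts <= 0:
            v.append("quantity must be positive")
        return v

    def place(self, order):
        """Returns 'rejected', 'paper', 'declined' or 'submitted'."""
        v = self.violations(order)
        if v:
            self.journal.append(("rejected", order, v))
            return "rejected"
        if self.mode == "paper":
            self.journal.append(("paper", order, []))
            return "paper"
        if not self.approver(order):
            self.journal.append(("declined", order, []))
            return "declined"
        self.submit(order)
        self.journal.append(("submitted", order, []))
        return "submitted"


def demo():
    """Constructed orders exercising each path; returns the decisions taken."""
    limits = Limits(max_leverage=3, max_notional_usd=500.0)
    ok = Order("BTC-USD-SWAP", "buy", 4, 100.0, 3, "market")       # 400 USD at 3x
    too_big = Order("BTC-USD-SWAP", "buy", 1, 100.0, 10, "market")  # 10x breaches the cap
    paper = OrderGate(limits)                                        # default: paper
    sent = []
    live_yes = OrderGate(limits, "live", approver=lambda o: True, submit=sent.append)
    live_no = OrderGate(limits, "live", approver=lambda o: False, submit=sent.append)
    return {
        "paper_ok": paper.place(ok),
        "paper_too_big": paper.place(too_big),
        "live_approved": live_yes.place(ok),
        "live_declined": live_no.place(ok),
        "submitted_count": len(sent),
        "too_big_reasons": paper.violations(too_big),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

In a real deployment the approver is an interactive prompt or an out-of-band confirmation, and the stop-loss and take-profit orders the skill submits after an entry go through the same `place()` call, so the journal records every order the automation attempted, including the ones it was not allowed to send.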

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script fetches external data and writes it to a user file path without prominent disclosure, consent, or runtime confirmation. In the context of an auto-executed trading skill, hidden side effects are more dangerous because users may not expect local persistence or external command execution as part of a strategy run.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script silently loads a Telegram token from a local file and later uses it for external messaging, but it gives no meaningful disclosure that alerts will be sent to a third party. In a trading context, this can leak position state, pricing, and strategy behavior to external infrastructure without informed user consent.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This code transmits trading-related messages, including entry, stop-loss, take-profit, and PnL data, to Telegram without an explicit warning that such information will leave the machine. For an automated trading workflow, leaking this telemetry can expose positions and strategy timing to third-party services or anyone controlling the configured bot/chat.
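As an added example (not the skill's own code), an alert path shaped by the three Telegram findings above: a token on disk is not treated as consent, transmission happens only when the user explicitly enables it and names a chat, position size, prices, leverage and PnL are stripped from outbound text unless full disclosure is also enabled, and every alert is kept in a local log regardless. The config keys, event fields and the injected transport function are assumptions; the real transport would be the Telegram HTTP call.

```python
"""Added example (not the audited skill's code): opt-in, redacting alert path.
Config keys, event fields and the transport callback are assumptions."""
import json
import logging

log = logging.getLogger("strategy.alerts")

# Fields that reveal position state or PnL; sent only with explicit full disclosure.
SENSITIVE_FIELDS = ("size", "entry", "stop_loss", "take_profit", "pnl", "leverage")


def load_notifier_config(raw):
    """raw: dict parsed from the user's config. Telegram is enabled only when
    `telegram.enabled` is literally true AND a chat id is set; a token that merely
    exists on disk is not consent to transmit, so it is not even loaded."""
    tg = dict(raw.get("telegram") or {})
    enabled = tg.get("enabled") is True and bool(tg.get("chat_id"))
    return {
        "enabled": enabled,
        "chat_id": tg.get("chat_id") if enabled else None,
        "token": tg.get("token") if enabled else None,
        "disclose_sensitive": enabled and tg.get("disclose_sensitive") is True,
    }


def render_alert(event, disclose_sensitive=False):
    """Build the outbound text. Without full disclosure the message says what
    happened (entry, stop hit, ...) but not at what size, price or PnL."""
    kept = {k: v for k, v in event.items()
            if disclose_sensitive or k not in SENSITIVE_FIELDS}
    dropped = sorted(k for k in event if k not in kept)
    text = json.dumps(kept, sort_keys=True)
    if dropped:
        text += f" [redacted: {', '.join(dropped)}]"
    return text


def send_alert(event, config, transport):
    """transport(token, chat_id, text) performs the network send in real use;
    demo() injects a recorder so nothing leaves the host. Returns the destination."""
    text = render_alert(event, config["disclose_sensitive"])
    log.info("alert %s", text)  # always recorded locally, whatever the opt-in state
    if not config["enabled"]:
        return "local_only"
    transport(config["token"], config["chat_id"], text)
    return "telegram"


def demo():
    """Constructed entry event and three configs: token only, opt-in with
    redaction, opt-in with full disclosure."""
    event = {"ts": "2024-01-01T00:00:00Z", "action": "entry", "inst": "BTC-USD-SWAP",
             "side": "long", "size": 4, "entry": 42000.0, "stop_loss": 41000.0,
             "take_profit": 45000.0, "leverage": 3}
    sent = []
    recorder = lambda token, chat, text: sent.append((chat, text))
    token_only = load_notifier_config({"telegram": {"token": "123:abc"}})
    optin = load_notifier_config({"telegram": {"enabled": True, "chat_id": "42",
                                               "token": "123:abc"}})
    full = load_notifier_config({"telegram": {"enabled": True, "chat_id": "42",
                                              "token": "123:abc",
                                              "disclose_sensitive": True}})
    return {
        "token_only": send_alert(event, token_only, recorder),
        "optin_redacted": send_alert(event, optin, recorder),
        "optin_full": send_alert(event, full, recorder),
        "messages": [text for _, text in sent],
    }


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    for key, value in demo().items():
        print(key, value)
```

The redacted form still tells the operator that the strategy entered, moved a stop or closed, which is what a phone notification is for, while the numbers that let a third party reconstruct the position stay on the host unless the user has deliberately turned that on.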

VirusTotal

65/65 VirusTotal vendors reported the skill's files as clean. A clean antivirus verdict does not address the behavioral findings above, which concern what the skill is designed to do rather than known malware signatures.