Sim Trading MVP

Security checks across malware telemetry and agentic risk

Overview

This appears to be a paper-trading automation skill, but it needs review because it can create persistent scheduled jobs and modify ongoing account/log state without sufficiently clear user controls.

Install only if you intentionally want a recurring paper-trading simulation. Before enabling automation, confirm the exact files it will create or update, the cron entry it will install, how to disable it, and what language reports should use. Do not treat its simulated decisions as financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

Severity: Medium | Confidence: 83%
Finding: The description contains broad triggers like acting like an investor, maintaining a model portfolio, scheduling decisions, or sending daily reviews, which could match ordinary user conversation and auto-activate the skill unexpectedly. In this context, unexpected activation is more dangerous because the skill performs persistent logging, may set up cron jobs, and makes simulated trading decisions that affect local state and ongoing automation.

Natural-Language Policy Violations

Severity: Medium | Confidence: 87%
Finding: The skill mandates a Chinese recap without checking the user's language preference or documenting a necessary locale requirement. While not directly enabling code execution, it can miscommunicate financial decisions, reduce user comprehension of account status, and cause mistakes in a workflow that records persistent trading actions and reports.

Missing User Warnings

Severity: Medium | Confidence: 82%
Finding: The guide instructs the agent to update account and log files and provides cron-creation commands, but it does not require explicit user confirmation of file locations, write scope, retention, or overwrite behavior. In an automation context, this can lead to unintended persistent system changes, duplicate scheduled tasks, or modification of user data without sufficiently informed consent.

Natural-Language Policy Violations

Severity: Medium | Confidence: 89%
Finding: Forcing the daily recap to be sent in Chinese without user opt-in can cause miscommunication about financial activity and system actions. In a trading-related workflow, language mismatch increases the risk that the user will misunderstand performance, positions, or operational changes, which can undermine informed oversight of the automated process.

VirusTotal

66/66 vendors flagged this skill as clean.