Simmer Market Maker

Security checks across malware telemetry and agentic risk

Overview

This is a real-money trading skill with purpose-aligned behavior, but it can broadly cancel open orders and place live trades using a trading API key without enough scoping or prominent warning.

Review this carefully before installing. Use dry-run or TRADING_VENUE=sim first, use a least-privilege API key if available, and do not run --live on an account that has manual or other-strategy open orders unless you are comfortable with them being canceled.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (3)

Description-Behavior Mismatch

Medium, 94% confidence

Finding:
The strategy unconditionally cancels all open orders before placing new quotes, which can affect unrelated user orders outside the specific markets this skill selected. In a live trading context this creates an integrity and availability risk for the user's broader trading activity, especially if the account is used by multiple strategies or manual workflows.

Missing User Warnings

Medium, 90% confidence

Finding:
The skill states in the strategy section that it cancels existing open orders before placing new ones, but this operationally significant behavior is not surfaced as a clear warning in the user-facing description/usage guidance. For a trading skill, undisclosed mass cancellation can disrupt user strategies, remove protective liquidity, and cause financial loss or missed fills if the skill is run against a live account.

Missing User Warnings

Medium, 92% confidence

Finding:
The manifest requires a sensitive credential (SIMMER_API_KEY) but does not provide any user-facing notice that the skill will connect to an external trading service and place real market orders using that credential. In a financial trading skill, this omission is more dangerous than usual because users may unknowingly authorize live order placement and account activity with direct monetary consequences.

VirusTotal

67/67 vendors flagged this skill as clean.
