Prediction Trade Journal

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a trade journal rather than a trading executor, but it handles sensitive trading data and ships with prefilled trade records that users should review before installing.

Review before installing. Use it only with a Simmer API key you intend to expose to this skill, keep SIMMER_API_URL unset unless you deliberately trust that endpoint, clear the bundled data/trades.json before relying on reports for your own account, and treat exported CSVs and reasoning/context notes as sensitive trading records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding: The skill documentation instructs use of environment variables, local file storage, and outbound network access, but it does not declare any permissions for those capabilities. This creates a transparency and policy-enforcement gap: an agent or platform may execute a skill with broader access than users expect, enabling unintended exposure of API keys, local trade history, or network exfiltration paths.

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding: The file content shows this skill is not merely journaling trades; it records autonomous buy, sell, redeem, stop-loss, reconciliation, and other execution-linked activity from multiple trading agents/sources. In a skill advertised as a trade journal, this mismatch is dangerous because it can conceal or normalize live trading and portfolio management behavior under a lower-risk label, increasing the chance of unauthorized financial actions or unsafe deployment.

Context-Inappropriate Capability

Severity: High
Confidence: 95%
Finding: The presence of sources such as copytrading and opportunity-driven execution indicates the surrounding skill context supports strategy selection and automated trade entry, which exceeds a journal's stated purpose. This is risky because users or orchestrators may grant the skill access assuming passive logging, while the embedded context suggests it may be tied to systems that initiate financial positions based on external signals.

Context-Inappropriate Capability

Severity: High
Confidence: 96%
Finding: The data includes automated position management behaviors such as stop-loss exits, manual sell flows, and auto-redeem actions, all of which indicate real trade lifecycle control rather than passive recordkeeping. In the context of a journaling skill, this expands the effective attack surface from analytics to fund-affecting operations, making accidental misuse, hidden automation, or unauthorized loss-realization more dangerous.

VirusTotal

64/64 vendors flagged this skill as clean.