msx-trading

Security checks across malware telemetry and agentic risk

Overview

This skill matches its stated MSX trading purpose, but it should be reviewed carefully because it can access private financial data and manage orders with broad triggers and incomplete safeguards.

Install only if you intentionally want an agent to interact with your MSX trading account. Use a dedicated least-privilege API key, avoid enabling trading permissions unless needed, verify the MSX endpoint and publisher independently, and manually confirm any account-history display, order placement, or cancellation before it is sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers (Medium)
Confidence: 87%
Finding: The trigger guidance is broad enough that ordinary words like 'account', 'balance', or 'portfolio' may activate this skill in situations where the user did not clearly intend to access brokerage data. In a trading context, accidental invocation can expose or retrieve sensitive financial information and increase the chance of unauthorized data access through ambiguous prompts.

Missing User Warnings (Medium)
Confidence: 92%
Finding: This file documents endpoints that expose sensitive account, balance, and holdings data but provides no user-facing privacy notice, consent checkpoint, or handling guidance for financial data. In a brokerage-style skill, that omission makes it easier for the agent to surface private portfolio information without sufficient user awareness or confirmation, especially in shared-device or ambiguous-request scenarios.

Vague Triggers (Medium)
Confidence: 85%
Finding: The trigger phrases include very broad terms such as "history," "report," and Chinese equivalents that can appear in ordinary conversation, increasing the chance this skill file is loaded when the user did not intend to access trading-history functions. In a finance context, incorrect routing is more dangerous because it can expose or summarize sensitive account, order, and transaction history without a sufficiently specific user request.

Missing User Warnings (Medium)
Confidence: 88%
Finding: This module provides access to highly sensitive financial data, including deposits, withdrawals, balances after transactions, and trade settlements, but the guidance contains no privacy guardrails, consent check, or warning before surfacing that information. In a brokerage-like setting, exposing detailed transaction history is especially sensitive because it reveals financial behavior, balances, and potentially regulated account activity.

Vague Triggers (Medium)
Confidence: 88%
Finding: The trigger list includes generic English words like 'buy', 'sell', 'order', and 'cancel', which can appear in ordinary discussion and may cause the trading skill to activate outside clear user intent. In a financial trading context, overly broad activation increases the risk of the agent entering an order-handling flow when the user is only asking informational or hypothetical questions.

VirusTotal

64/64 vendors flagged this skill as clean.