x trade

Security checks across malware telemetry and agentic risk

Overview

This skill discloses that it is a trading skill, but it can read private financial data and drive live order actions, its activation triggers are broad, and its guardrails are incomplete.

Install only if you trust the XCard service and publisher. Use a dedicated least-privilege API key, never paste the key into chat, avoid displaying account data on shared screens, and require explicit confirmation before showing sensitive history or placing/cancelling trades.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
This skill enables account management and order execution on a user's trading account, but the description and top-level guidance do not prominently warn that it can place live trades with financial consequences. In a trading context, missing consent and risk disclosure is dangerous because a user may invoke the skill expecting passive information retrieval while the agent is actually capable of executing transactions.

Vague Triggers

Severity: Medium
Confidence: 94%
Finding
The trigger phrases are broad generic terms such as "balance," "portfolio," and "positions," which can easily appear in ordinary conversation and cause the skill to activate unexpectedly. In a trading context, unintended routing is more dangerous because it can expose or retrieve sensitive financial account data when the user did not clearly intend to access this skill.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
This file documents API-key-authenticated access to sensitive financial profile, balance, and holdings data without any warning, consent flow, or handling guidance for privacy-sensitive output. In an account-and-portfolio module, that omission materially increases the risk of exposing regulated financial information to the wrong user, surface, or conversational context.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
This module handles sensitive financial history, including deposits, withdrawals, balances, and executed trades, via API-key-authenticated requests, yet the guidance does not warn about the sensitivity of the data or require confirmation before retrieval/display. In practice, this increases the risk of exposing private account activity to an unintended viewer or retrieving more data than the user expects, especially with a default 30-day history window.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding
The trigger list contains generic terms like "buy," "sell," and "order," which are common in ordinary conversation and can cause unintended activation of a high-risk trading skill. In a financial trading context, accidental invocation is especially dangerous because it may lead the agent into an order workflow or expose trading actions when the user did not intend to trade.
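The mitigations in the Overview (a least-privilege key that never enters the chat, explicit confirmation before history display and order placement) and the two finding types above (vague triggers, missing user warnings) can be enforced in a guard layer that sits between the agent and the skill. The Python below is an added example written for this page, not the skill's or XCard's own code. The action names, the ToolCall shape, the XCARD_API_KEY variable, the 7-day history cap and the sample utterances are assumptions constructed for illustration. It shows how bare keyword triggers such as "balance" and "order" fire on ordinary conversation while phrase-level intent patterns do not, and how a policy gate refuses order placement and history retrieval until a user confirmation has been recorded.

```python
"""Guard layer for an agent trading skill.

Added example, not the skill's own code. XCARD_API_KEY, ToolCall, the
action names and the history cap are assumptions for illustration.
"""
import os
import re
from dataclasses import dataclass, field

# --- Trigger routing -------------------------------------------------------
# The broad set mirrors the generic terms the findings call out. The strict
# patterns are an assumed alternative that fires only when the term sits
# inside a phrase that plausibly means "talk to my trading account".
BROAD_TRIGGERS = {"balance", "portfolio", "positions", "buy", "sell", "order"}
STRICT_PATTERNS = [
    re.compile(r"\b(my|account)\s+(balance|portfolio|positions)\b", re.I),
    re.compile(r"\b(buy|sell)\s+\d+(\.\d+)?\s+[A-Z]{2,6}\b", re.I),  # "sell 2.5 ETH"
    re.compile(r"\b(place|cancel)\s+(an?\s+|my\s+)?order\b", re.I),
]


def broad_match(text: str) -> set:
    """Keyword routing as the findings describe: any bare trigger word fires."""
    return set(re.findall(r"[a-z]+", text.lower())) & BROAD_TRIGGERS


def strict_match(text: str) -> bool:
    """Intent routing: the trigger word must sit inside a trading phrase."""
    return any(p.search(text) for p in STRICT_PATTERNS)


# --- Confirmation gate -----------------------------------------------------
SENSITIVE_READS = {"get_profile", "get_balance", "get_holdings", "get_history"}
ORDER_ACTIONS = {"place_order", "cancel_order"}
CONFIRM_REQUIRED = ORDER_ACTIONS | {"get_history"}
MAX_HISTORY_DAYS = 7  # assumed cap; the finding notes a 30-day default window


class PolicyError(Exception):
    """Raised when a tool call must not be forwarded to the trading API."""


@dataclass
class ToolCall:
    action: str
    params: dict = field(default_factory=dict)
    user_confirmed: bool = False  # set only after an explicit "yes" from the user


def authorize(call: ToolCall) -> ToolCall:
    """Return the call as it may be forwarded, or raise PolicyError."""
    if call.action not in SENSITIVE_READS | ORDER_ACTIONS:
        raise PolicyError(f"unknown action {call.action!r}")
    if call.action in CONFIRM_REQUIRED and not call.user_confirmed:
        raise PolicyError(f"{call.action} requires explicit user confirmation")
    if call.action == "get_history":
        # Clamp the window so a bare request never pulls a month of activity.
        days = int(call.params.get("days", MAX_HISTORY_DAYS))
        call.params = {**call.params, "days": min(days, MAX_HISTORY_DAYS)}
    return call


def is_permitted(call: ToolCall) -> bool:
    """Boolean view of authorize() for callers that only need allow/deny."""
    try:
        authorize(call)
        return True
    except PolicyError:
        return False


# --- Key handling ----------------------------------------------------------
def load_api_key() -> str:
    """Read the key from the environment; it never comes from the chat."""
    return os.environ.get("XCARD_API_KEY", "")  # assumed variable name


def redact(output: str, api_key: str) -> str:
    """Scrub the key from anything the agent echoes back into the conversation."""
    return output.replace(api_key, "[REDACTED]") if api_key else output


if __name__ == "__main__":
    # Constructed utterances: the first two are ordinary conversation.
    for text in ["I need a better work-life balance",
                 "Can you order lunch?",
                 "What is my account balance?",
                 "sell 2.5 ETH"]:
        print(f"{text!r}: broad={sorted(broad_match(text))} strict={strict_match(text)}")
    print("place_order without confirmation:",
          is_permitted(ToolCall("place_order", {"symbol": "ETH", "qty": 1})))
    print("get_history days after clamp:",
          authorize(ToolCall("get_history", {"days": 30}, user_confirmed=True)).params["days"])
    print(redact("GET /account key=abc123", "abc123"))
```

The split between broad_match and strict_match is the point of the Vague Triggers findings: "work-life balance" and "order lunch" both route under keyword matching but not under the phrase patterns. The gate is deliberately deny-by-default for unknown actions, and the confirmation flag is something the host records from the user, never a field the model is allowed to populate itself.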

VirusTotal

66/66 vendors reported this skill as clean.

View on VirusTotal