xcard-trading

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed XCard trading helper, but it can access private financial data and place or cancel orders, and some of its controls are under-scoped.

Install only if you trust the XCard service and publisher. Use a dedicated least-privilege API key, avoid shared screens or logs when viewing account data, and require explicit confirmation before showing private account/history details or placing or cancelling any order.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger phrases are broad enough to activate this skill for generic terms like 'balance', 'portfolio', or '账户', which can appear in contexts unrelated to brokerage access. In a financial skill that retrieves sensitive account and holdings data, overly permissive routing increases the chance of unintended invocation and exposure of private financial information without sufficiently clear user intent.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This file documents endpoints for profile, cash balance, and positions, all of which expose sensitive financial and identity-related data, but it provides no warning or guardrail about confirming user intent, protecting output, or handling account data carefully. In the context of a trading/account skill, the absence of such cautions makes accidental disclosure more likely if the skill is invoked in ambiguous or shared-user situations.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases include very generic terms such as "history," "report," and "transactions," plus broad Chinese equivalents, which can cause the skill to activate on unrelated user requests. In a financial trading context, accidental activation is more dangerous because it may expose sensitive trading or account history when the user intended a different kind of history or report.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This section exposes highly sensitive financial records, including deposits, withdrawals, balances after each transaction, and detailed trade settlement descriptions, but provides no user-facing privacy warning, confirmation step, or minimization guidance. In a brokerage-style skill, this increases the risk of revealing confidential financial information through overbroad invocation, shoulder-surfing, or accidental display to an unauthorized viewer.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list includes broad generic terms like 'buy', 'sell', 'order', and 'cancel', which can cause the skill to activate from ordinary conversation rather than clear trading intent. In a financial trading skill, unintended invocation is especially risky because it can expose account/order data or initiate sensitive trade flows before the user has clearly scoped the request.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
---

## DELETE /orders/{order_id} — Cancel an order

**Request**
Confidence
72% confidence
Finding
DELETE /orders/{order_id}

VirusTotal

63/63 vendors flagged this skill as clean.