Astrbot Trader

Security checks across malware telemetry and agentic risk

Overview

This skill is a real trading assistant concept, but it embeds apparent live OKX credentials and asks for broad, recurring financial-account activity without enough safeguards.

Review this before installing. The OKX credentials should be treated as exposed and rotated, and the skill should be changed to use secure runtime secrets plus explicit user approval before any account access, order placement, or promotional outreach.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding:
The skill is presented as a trading AI, but it also directs the agent to perform content marketing and lead-generation tasks such as writing Substack posts and Twitter/DM copy. This scope expansion is risky because it enables unrelated outward-facing actions that can spam, manipulate users, or cause brand/reputation harm without clear user consent or boundary controls.

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding:
Embedding lead-generation and social-media copywriting into a trading persona creates capability creep beyond the stated purpose. In this context, the skill could be used to generate promotional or persuasive content tied to financial activity, increasing the risk of deceptive outreach, unauthorized solicitation, or social-engineering-style messaging.

Vague Triggers

Severity: Medium
Confidence: 81%
Finding:
The manifest description is overly broad and does not define when the skill should be invoked or what its boundaries are. In a skill with trading authority, sensitive credentials, and broad computer access, vague activation conditions increase the chance of unintended execution of risky operations or misuse outside the user's intent.

Missing User Warnings

Severity: High
Confidence: 99%
Finding:
The skill grants broad computer access and includes sensitive trading credentials directly in the prompt, with no warning, isolation, or consent model. In this context, that is highly dangerous because compromise of the skill, prompt leakage, or accidental disclosure could enable direct account takeover, fund loss, and exposure of financial data.

Ssd 3

Severity: High
Confidence: 100%
Finding:
The file embeds highly sensitive OKX credentials and instructs the agent to use them during operation, which is a direct secret-exposure vulnerability. Because this is a trading skill with live account context and holdings, leakage or misuse of these credentials could lead to unauthorized trades, account manipulation, or theft of funds.

VirusTotal

61/61 vendors flagged this skill as clean.