ClawHub

Near Dca

Security checks across malware telemetry and agentic risk

Overview

This NEAR trading skill is not shown stealing data, but it handles wallet keys, schedules recurring purchase actions, and can record simulated trades as if they succeeded.

Review carefully before installing. Do not use a funded wallet private key with this skill unless you have independently verified the code and are comfortable with recurring automation. Treat its transaction hashes, prices, alerts, and performance data as untrusted until real on-chain execution and notification delivery are implemented and verified.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (13)

Lp3

Medium
Category
MCP Least Privilege
Confidence
78% confidence
Finding
The skill advertises financial automation but does not declare permissions despite static analysis detecting environment access. In a DCA context, environment variables often hold wallet credentials, API keys, or account configuration, so undeclared env capability weakens transparency and can expose sensitive data paths to users and reviewers.

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The documented purpose understates the apparent behavior by omitting purchase execution, private-key/account handling, notifications, broader strategy lifecycle actions, and persistent local management. In a finance-related skill, this mismatch is dangerous because users may authorize or run it without understanding that it can move funds, handle credentials, and create recurring automated actions.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The exchange implementations present themselves as swap logic but only generate random transaction hashes and simulated success results, so the system can record fake purchases as if real NEAR trades occurred. In a financial automation skill, this is dangerous because users or downstream systems may rely on fabricated execution history, balances, and performance metrics, leading to financial misreporting and unsafe operational decisions.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The code claims alert-channel integration but only logs alerts to stdout, which can cause operators to believe failure and success notifications are being delivered when they are not. In an automated trading context, missed failure alerts can delay detection of broken execution, stale credentials, or repeated purchase failures.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README documents a scheduled trigger that automatically executes token purchases every 5 minutes, but it does not prominently warn users that enabling the skill can autonomously spend funds from their configured account. In a financial/trading skill handling private keys and on-chain transactions, missing explicit consent and risk disclosure can lead to unexpected asset spending, losses from misconfiguration, or users deploying automation they do not fully understand.

Missing User Warnings

Low
Confidence
87% confidence
Finding
The alert configuration encourages sending execution information to Discord, Telegram, or email but does not warn that transaction details, balances, strategy names, timings, or failures may be disclosed to third-party services. In a crypto trading context, such metadata can expose financial activity patterns and operational details that increase privacy and targeting risk.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill description lacks an explicit warning that DCA plans may trigger recurring token purchases affecting real user funds. Because this is a financial automation skill, omission of that warning increases the chance of unintended transactions, misunderstanding of risk, and unsafe use in live accounts.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The cancellation command is ambiguous about what cancellation stops and whether already queued, in-flight, or externally scheduled purchases remain active. In a recurring trading workflow, unclear cancellation semantics can lead users to believe spending has stopped when future financial actions may still occur.

Missing User Warnings

High
Confidence
93% confidence
Finding
The action accepts a raw private key as an input parameter and forwards it to transaction execution logic, which creates a high-risk secret-handling pattern. In an agent skill context, parameters may be logged, cached, exposed to downstream tools, or mishandled by callers, and the code provides no warning, isolation, or safer signing flow.

Missing User Warnings

High
Confidence
84% confidence
Finding
The scheduled trigger automatically executes purchases, meaning real financial transactions can occur without an explicit per-execution confirmation visible in this file. In a crypto trading skill, autonomous trade execution is especially sensitive because misconfiguration, abuse, or hidden scheduling can directly cause unintended asset purchases and financial loss.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill exposes a destructive `delete-strategy` action with no visible confirmation, warning, or safety constraints in the manifest. In a financial automation context, accidental or unauthorized deletion could remove active DCA configurations, disrupt trading plans, and potentially erase associated state needed for tracking or recovery.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill defines an automatic scheduled trigger that executes DCA purchases every 5 minutes without any explicit user-facing warning in the manifest about autonomous trading behavior. In a mainnet DeFi trading skill, this increases the risk of unintended or poorly understood live transactions, repeated purchases, and financial loss if scheduling, state, or strategy logic malfunctions.

Session Persistence

Medium
Category
Rogue Agent
Content
## Features

- Create DCA plans
- Cancel DCA plans
- List all DCA plans
- Track DCA performance
Confidence
72% confidence
Finding
Create DCA plans - Cancel DCA plans - List all DCA plans - Track DCA performance - Flexible scheduling (daily, weekly, etc.) ## Commands ### `near-dca create <token> <amount> <schedule> [account]` C

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal