Signalbot

Security checks across malware telemetry and agentic risk

Overview

Signalbot is a coherent market-analysis skill, but it can silently install and run an unpinned remote Go binary when triggered by ordinary market questions.

Install only if you are comfortable with an agent downloading, building, and running the latest upstream Go package. Prefer installing a reviewed or pinned version yourself, remove the no-confirmation install/update instructions if possible, and treat BUY/SELL/HOLD outputs as informational analysis rather than financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger conditions are overly broad and include generic phrases like asking to 'analyze today's market' or whether an asset is worth buying, which can overlap with normal conversation and cause unintended invocation. In this skill, accidental execution is more dangerous because invocation may cascade into automatic installation and execution of a third-party binary.

Missing User Warnings

High
Confidence: 98%
Finding
The skill instructs the agent to automatically install and then execute a Go package from the network without asking the user. This creates a supply-chain and arbitrary code execution risk, since a broad trigger could lead to silent download, build, and execution of unreviewed code on the user's system.

Missing User Warnings

Medium
Confidence: 84%
Finding
Allowing `--output <file path>` means the tool can write to the filesystem, but the skill does not require user awareness or confirmation before doing so. In an agent setting, this can cause unintended file creation or overwriting if a path is chosen automatically or inferred from context.

Missing User Warnings

Medium
Confidence: 81%
Finding
The guidance to switch `BINANCE_BASE_URL` to a proxy endpoint encourages sending market requests to an alternate network destination without any trust or privacy warning. This can expose request metadata or enable tampering if the proxy is malicious or misconfigured, especially since the skill already depends on live network data.

VirusTotal

64/64 vendors flagged this skill as clean.
