Neuro Scalp

Security checks across malware telemetry and agentic risk

Overview

This is a real-money crypto trading automation skill. Its live-order path does what the README says it does, but the controls around that path are thin enough that users should review the code carefully before installing.

Install only if you are prepared to audit and modify it before use. Treat it as review-required financial automation: confirm sandbox/testnet enforcement, add an explicit live-trading opt-in, set strict order and drawdown limits, validate the backtest data path behavior, and do not provide live OKX credentials until those controls are in place.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium
Confidence: 93%
Finding
The method contract and logging imply user-supplied market data will be loaded, but the implementation silently ignores the provided path and generates synthetic data instead. In a trading/backtesting context, this can mislead users into trusting fabricated performance results, causing unsafe downstream decisions based on nonexistent or unvalidated data.
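One way the backtest data path in this finding could be made honest, as an added example that is not Neuro Scalp's own code: a loader that fails on a missing or malformed file instead of fabricating candles, a separate generator whose output is visibly labelled synthetic, and a summary that carries that provenance label into the performance numbers. The OHLCV column names, the DataSet type and the sample rows are constructed for the example.

```python
"""Backtest data loader that cannot silently substitute synthetic data.
Added illustrative code, not Neuro Scalp's own; the OHLCV column names,
the DataSet type and the sample rows below are constructed for the example."""
import csv
import random
from dataclasses import dataclass
from pathlib import Path
from typing import Iterable, List, Tuple

REQUIRED = ("timestamp", "open", "high", "low", "close", "volume")
Candle = Tuple[int, float, float, float, float, float]


class MarketDataError(ValueError):
    """Unusable market data; never recovered from by fabricating rows."""


@dataclass
class DataSet:
    rows: List[Candle]
    source: str    # "file:<path>" or "synthetic:<seed>", carried into every report


def parse_market_data(lines: Iterable[str], source: str) -> DataSet:
    """Parse OHLCV candles, rejecting anything a backtest should not trust."""
    reader = csv.DictReader(lines)
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing:
        raise MarketDataError(f"missing columns: {missing}")
    rows: List[Candle] = []
    last_ts = None
    for n, rec in enumerate(reader, start=2):        # line 1 is the header
        try:
            ts = int(rec["timestamp"])
            o, hi, lo, c, v = (float(rec[k]) for k in REQUIRED[1:])
        except (TypeError, ValueError) as exc:
            raise MarketDataError(f"line {n}: {exc}") from None
        if last_ts is not None and ts <= last_ts:
            raise MarketDataError(f"line {n}: timestamps not strictly increasing")
        if not (lo <= min(o, c) and max(o, c) <= hi) or v < 0:
            raise MarketDataError(f"line {n}: inconsistent OHLCV values")
        rows.append((ts, o, hi, lo, c, v))
        last_ts = ts
    if not rows:
        raise MarketDataError("no candles found")
    return DataSet(rows, source)


def load_market_data(path: str) -> DataSet:
    """A missing or malformed file is an error, not a cue to generate data."""
    p = Path(path)
    if not p.is_file():
        raise FileNotFoundError(f"market data file not found: {path}")
    with p.open(newline="") as fh:
        return parse_market_data(fh, source=f"file:{p}")


def synthetic_market_data(seed: int, n: int, start_price: float = 100.0) -> DataSet:
    """Random-walk candles for smoke tests; the label makes their origin visible."""
    rng = random.Random(seed)
    rows: List[Candle] = []
    price = start_price
    for i in range(n):
        o = price
        c = o * (1 + rng.uniform(-0.01, 0.01))
        hi = max(o, c) * (1 + rng.uniform(0, 0.005))
        lo = min(o, c) * (1 - rng.uniform(0, 0.005))
        rows.append((1_700_000_000 + 60 * i, o, hi, lo, c, rng.uniform(1.0, 10.0)))
        price = c
    return DataSet(rows, source=f"synthetic:{seed}")


def backtest_summary(data: DataSet) -> dict:
    """Buy-and-hold return plus the provenance label a performance report must show."""
    first_close, last_close = data.rows[0][4], data.rows[-1][4]
    return {"candles": len(data.rows),
            "return": last_close / first_close - 1.0,
            "source": data.source}


# Constructed sample input for the example (not real exchange data).
SAMPLE_CSV = """timestamp,open,high,low,close,volume
1700000000,100.0,101.0,99.5,100.5,12.0
1700000060,100.5,102.0,100.0,101.5,9.0
1700000120,101.5,101.8,100.2,100.4,15.0
"""

if __name__ == "__main__":
    print(backtest_summary(parse_market_data(SAMPLE_CSV.splitlines(), "file:sample.csv")))
```

The point of the `source` field is that a synthetic run can never be mistaken for a real one downstream: any report built from `backtest_summary` shows "synthetic:<seed>" next to the return figure, and the only path to a "file:" label is a file that actually parsed.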

Missing User Warnings

Medium
Confidence: 90%
Finding
The README promotes a fully automated, always-on crypto trading bot that can place live orders on a real exchange, but it does not prominently warn about the substantial risk of financial loss, model failure, market volatility, leverage risk, or autonomous execution hazards. In this context, the omission is dangerous because users may interpret the skill as production-ready guidance and deploy high-risk automation without adequate safeguards, human oversight, or paper-trading validation.

Missing User Warnings

Medium
Confidence: 97%
Finding
The dashboard page opens a plaintext WebSocket using `ws://`, which allows any intermediary on the network to observe or tamper with live metrics and trade-event traffic. In this dashboard context, the data appears to include trading activity and performance information, so a man-in-the-middle could leak sensitive business data or inject falsified metrics into the UI.

Missing User Warnings

High
Confidence: 97%
Finding
The code automatically sends trading signals to the execution engine once a model threshold is crossed, with no interactive confirmation, dry-run default, kill switch validation, or explicit paper-trading guard visible in this file. In an agent skill context, this is dangerous because simply running the skill with valid credentials can trigger unintended live orders and direct financial loss.

Missing User Warnings

Medium
Confidence: 90%
Finding
The file pulls live exchange credentials from environment variables and immediately wires them into the execution engine without any visible disclosure, consent flow, or validation that the user intends live trading. In a trading automation skill, hidden credential use materially increases the risk of surprise real-market actions when deployed in environments where secrets are already present.
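The controls the overview asks for (sandbox/testnet enforcement, an explicit live-trading opt-in, order and drawdown limits, a kill switch, no credential use without consent) and the gaps the last two findings describe, along with the `wss://` requirement from the dashboard finding, can all be expressed as one preflight check plus an order gate. The block below is an added example and not Neuro Scalp's own code: it assumes the skill reads OKX keys from the usual `OKX_API_KEY`, `OKX_SECRET_KEY` and `OKX_PASSPHRASE` variables, and the `TradingConfig`, `OrderGate`, `NEURO_SCALP_CONFIRM_LIVE` and kill-switch file names are hypothetical.

```python
"""Preflight policy and order gate for a live-trading execution path.
Added illustrative code, not Neuro Scalp's own: the OKX variable names are
the usual ones, but TradingConfig, OrderGate, NEURO_SCALP_CONFIRM_LIVE and
the kill-switch path are hypothetical."""
import os
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import urlparse

OKX_KEYS = ("OKX_API_KEY", "OKX_SECRET_KEY", "OKX_PASSPHRASE")


class TradingPolicyError(RuntimeError):
    """The configuration would permit unsafe live trading; refuse to start."""


@dataclass
class TradingConfig:
    live_trading: bool = False            # default is paper mode: no real orders
    testnet: bool = True                  # OKX demo/sandbox endpoint expected
    max_order_notional: float = 100.0     # per-order cap in quote currency
    max_drawdown: float = 0.02            # latch a halt after losing 2% of equity
    dashboard_ws_url: str = "wss://127.0.0.1:8765/metrics"
    kill_switch_file: str = "/tmp/neuro_scalp.halt"   # hypothetical halt marker


def policy_violations(cfg: TradingConfig, env: Dict[str, str]) -> List[str]:
    """Every reason this configuration must not run; an empty list means go."""
    problems = []
    if cfg.live_trading and env.get("NEURO_SCALP_CONFIRM_LIVE") != "yes":
        problems.append("live trading needs explicit opt-in NEURO_SCALP_CONFIRM_LIVE=yes")
    if cfg.live_trading and cfg.testnet:
        problems.append("live_trading and testnet are mutually exclusive")
    if cfg.max_order_notional <= 0:
        problems.append("max_order_notional must be positive")
    if not 0 < cfg.max_drawdown < 1:
        problems.append("max_drawdown must be a fraction between 0 and 1")
    url = urlparse(cfg.dashboard_ws_url)
    loopback = url.hostname in ("127.0.0.1", "::1", "localhost")
    if url.scheme != "wss" and not (url.scheme == "ws" and loopback):
        problems.append("dashboard WebSocket must be wss:// unless bound to loopback")
    if cfg.live_trading and not all(env.get(k) for k in OKX_KEYS):
        problems.append("live trading requested but OKX credentials are incomplete")
    return problems


def load_credentials(cfg: TradingConfig, env: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Secrets reach the execution engine only after the live opt-in passes;
    keys that merely happen to be in the environment are never wired in."""
    if not cfg.live_trading or policy_violations(cfg, env):
        return None
    return {k: env[k] for k in OKX_KEYS}


class OrderGate:
    """Per-order cap, latched drawdown halt and a file-based kill switch.
    Cannot be constructed while the policy check fails."""

    def __init__(self, cfg: TradingConfig, env: Dict[str, str], starting_equity: float):
        problems = policy_violations(cfg, env)
        if problems:
            raise TradingPolicyError("; ".join(problems))
        self.cfg = cfg
        self.starting_equity = starting_equity
        self.halted = False

    def check(self, notional: float, current_equity: float) -> Tuple[bool, str]:
        if os.path.exists(self.cfg.kill_switch_file):
            return False, "halted: kill switch engaged"
        if self.halted:
            return False, "halted: drawdown latch set, human reset required"
        if notional > self.cfg.max_order_notional:
            return False, f"order {notional:.2f} exceeds cap {self.cfg.max_order_notional:.2f}"
        drawdown = 1.0 - current_equity / self.starting_equity
        if drawdown >= self.cfg.max_drawdown:
            self.halted = True   # latch: later signals stay blocked until reset
            return False, f"halted: drawdown {drawdown:.2%} reached limit"
        return True, "ok"


def route_signal(gate: OrderGate, score: float, threshold: float, notional: float,
                 equity: float, execute: Callable[[float], None]) -> str:
    """What the threshold check should do instead of calling the engine directly:
    consult the gate, then dry-run unless live trading was explicitly opted into."""
    if score < threshold:
        return "no-signal"
    allowed, reason = gate.check(notional, equity)
    if not allowed:
        return "blocked: " + reason
    if not gate.cfg.live_trading:
        return f"dry-run: would submit notional {notional:.2f}"
    execute(notional)
    return "submitted"


if __name__ == "__main__":
    cfg = TradingConfig()   # paper mode: signals are logged, never executed
    gate = OrderGate(cfg, dict(os.environ), starting_equity=10_000.0)
    print(route_signal(gate, 0.9, 0.8, 50.0, 10_000.0, execute=lambda n: None))
```

Two design choices matter here. The gate cannot be instantiated while `policy_violations` is non-empty, so there is no code path that reaches `execute` without the opt-in, the testnet/live exclusivity and the limits having been checked once at startup. And the drawdown halt is a latch rather than a per-call comparison, so a bot that has already lost its budget stays stopped until a human clears it, instead of resuming the moment equity ticks back above the line.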

VirusTotal

All 47 vendors rated this skill clean (0/47 detections). A clean VirusTotal result means no vendor matched the files against known-malware signatures; it says nothing about the design issues in the findings above, which are behaviours of purpose-aligned code rather than malware.

View on VirusTotal