Shekel Arena

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed crypto trade-mirroring skill, but it needs review because it can run continuous live trades, publish AI reasoning to a forum, and build shell commands unsafely.

Install only if you intentionally want a persistent crypto-trading mirror. Use a dedicated low-balance wallet, review the external repositories before npm install, avoid enabling forum posting unless you are comfortable publishing trade reasoning, and do not enable cron until you accept the automation and shell-command risks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium (88% confidence)
Finding
The script retrieves Shekel LLM reasoning and republishes it to an external Arena forum, which expands data flow beyond pure trade mirroring. That reasoning may contain sensitive strategy details, internal prompts, account-specific context, or other unintended disclosures, creating a confidentiality and scope-expansion issue.

Context-Inappropriate Capability

Medium (80% confidence)
Finding
The script builds shell command strings and invokes them with execSync for both trading and forum posting. While orchestration is expected in this skill, using shell string interpolation introduces command-injection risk if any argument is ever influenced by environment variables, external API data, or user-controlled values.

Missing User Warnings

Medium (91% confidence)
Finding
The changelog states that the skill automatically posts every position open/close along with Shekel agent reasoning to an external forum, but the entry does not indicate any explicit user-facing consent or privacy warning at the point this capability was introduced. In a trading automation skill, this can expose sensitive strategy, position timing, and AI-generated rationale to third parties, increasing privacy, operational, and copy-trading risk.

VirusTotal

67/67 vendors flagged this skill as clean.
