Binance Spot Trader

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Binance trading skill, but it can place live market orders and use private exchange credentials without enough built-in guardrails for automatic use.

Install only if you are prepared for real Binance spot trades to be placed from the configured account. Use a Binance sub-account, disable withdrawals, IP-restrict keys, start with read-only or testnet/paper trading if available, and do not provide trading-enabled API keys until you have reviewed the order limits and confirmation behavior yourself.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill declares required environment variables but does not explicitly declare permissions despite clearly requiring network access, file writes, and secret handling. This weakens platform-level safety controls and reviewability for a skill that can place real financial trades using exchange API keys and an external LLM service.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
This reference documents live authenticated Binance trading and cancellation endpoints but does not warn that these operations can place or cancel real orders on a funded account. In the context of an autonomous trading skill, that omission increases the chance that an agent or user will treat the endpoints as routine examples and trigger unintended market actions with financial loss.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The document presents simplified 'strong buy' and 'strong sell' signals as actionable guidance without any warning that technical indicators are probabilistic, can fail in volatile markets, and may cause financial loss. In the context of an autonomous Binance spot trading bot, this is more dangerous because the guidance may be consumed directly by users or downstream automation as authoritative trading logic.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script automatically loads Binance API credentials from environment variables and uses them without any user-facing disclosure, consent prompt, or safety notice. In an agent skill context, silent access to trading credentials is sensitive because merely invoking the skill can expose account data or enable authenticated actions beyond what a user may expect.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code makes an authenticated request to the Binance /api/v3/account endpoint, which retrieves private account balance information, but there is no explicit disclosure to the user that private exchange data will be accessed. In an autonomous trading skill, this increases risk because the skill can silently inspect sensitive financial holdings once credentials are present.

Missing User Warnings

High
Confidence
94% confidence
Finding
The skill sends trading-context data to an external LLM provider without explicit user consent, disclosure, or controls. In a trading bot context, even if the payload is limited to market data and derived indicators, this leaks strategy-related telemetry and creates a third-party dependency in live trading decisions.

Missing User Warnings

High
Confidence
98% confidence
Finding
This function places live market buy and sell orders directly against a real Binance account with no dry-run mode, no confirmation gate, and no kill switch. In the context of an autonomous trading skill, that means mistakes, prompt/model errors, bad configuration, or unexpected market conditions translate immediately into financial loss.

VirusTotal

64/64 vendors flagged this skill as clean.
