Aionmarket Sdk Divergence Trader

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real trading skill, but it gives an agent broad financial-account powers that are not tightly scoped to the stated single-market dry-run wrapper.

Install only if you intend to connect an agent to AION and trading credentials. Keep it in dry-run unless deliberately placing live trades, disable or review the scheduled run, and require explicit confirmation before credential registration, spending approvals, live orders, bulk order cancellation, or redemption.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Description-Behavior Mismatch

Medium (80% confidence)
Finding
The stated purpose is a narrow divergence-trading wrapper, but this section expands into wallet bootstrap, credential registration, and risk-setting administration. That scope expansion increases the blast radius from 'decide whether to trade' to 'configure account access and trading controls,' which can enable unintended account modification if a caller trusts the skill description literally.

Description-Behavior Mismatch

Medium (75% confidence)
Finding
The skill is described as operating on a specific market with a provided probability estimate, but this later section encourages periodic briefings, scanning opportunity markets, and broader discovery workflows. That mismatch can cause an agent to use the skill for autonomous market exploration and trading decisions beyond the user’s original intent.

Intent-Code Divergence

Medium (84% confidence)
Finding
The skill initially presents a cautious safety model where live execution requires explicit '--live', but later guidance normalizes non-blocking trade execution defaults. Conflicting safety guidance is dangerous in a financial/trading skill because operators may assume stronger confirmation semantics than the document actually enforces.

Missing User Warnings

Medium (86% confidence)
Finding
The live-trade example shows that adding '--live' is sufficient to place a real trade, but the documentation does not require an explicit user confirmation checkpoint or warning before financial execution. In a skill that can consume API keys and wallet credentials, that omission materially raises the chance of accidental or unauthorized live orders.

Missing User Warnings

High (95% confidence)
Finding
This section explicitly instructs the agent to report final order parameters 'without blocking on extra confirmation,' which enables autonomous order placement with no final user checkpoint. In the context of trading and secret-backed wallet execution, this is a direct unsafe-action pattern that can lead to unintended financial loss.

VirusTotal

66/66 vendors flagged this skill as clean.
