Weather High-Temp Sniper

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed real-money trading bot, but it needs review because its automated/live execution can trade or redeem funds with confusing defaults and weak safeguards.

Install only after reviewing the live execution path. Run in dry-run mode first, use a dedicated low-balance wallet or managed account, disable automatic redemption unless you explicitly want it, replace/rotate any Telegram token used in examples or browser URLs, and pin or lock dependencies before relying on this for real-money automation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (13)

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The comment says the bot should consider buying when probability is less than or equal to the threshold, while the skill description says it trades when the YES price exceeds a threshold. In a real-money trading skill, contradictory configuration guidance can cause operators to set the threshold backwards, resulting in unintended trades and systematic financial loss.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill description says it discovers markets and trades them, but the implementation also imports new markets into Simmer and automatically redeems positions. Those are additional state-changing financial operations that expand the blast radius and can consume quota, modify account state, or trigger unintended wallet actions without being clearly disclosed to the user.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The code comment says the trading logic is unchanged, but check_context_safeguards broadens eligibility from the described 9-10 AM local window to any time from 9 AM to 4 PM local. In an automated trading skill, this materially changes execution behavior and can cause trades far outside the user-expected strategy window, increasing financial risk.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The README includes a live-looking Telegram bot token in plaintext rather than an obvious placeholder. Even in documentation, publishing credential-shaped secrets can expose a real bot to takeover, message interception, abuse, or phishing if the token is valid; in a trading skill, that also risks leaking alerts or operational details tied to live market activity.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
Publishing a real-looking secret token format in setup instructions can lead users to copy, reuse, or accidentally commit credentials, and may even expose an actual token if it was not generated solely as a dummy value. In a bot that supports Telegram notifications, leaked bot tokens enable unauthorized message sending, bot abuse, or operational spoofing against the user.

Missing User Warnings

High
Confidence
95% confidence
Finding
When run with --live or AUTOMATON_MANAGED, the skill performs live trading and redemption automatically, using loaded credentials and wallet access without a per-run or per-action confirmation. For software that can place financial orders and redeem positions, lack of an explicit confirmation safeguard creates a high risk of unintended real-money actions from misconfiguration, automation triggers, or operator misunderstanding.

Ssd 3

High
Confidence
99% confidence
Finding
This is a true secret-exposure issue: the README contains a realistic Telegram bot token format in plain text, which may be harvested automatically from public repositories or logs. Because the skill sends trade confirmations, errors, and status messages, compromise of the token could let an attacker read or spoof operational notifications and potentially social-engineer the operator during live trading.

Unpinned Dependencies

Low
Category
Supply Chain
Content
simmer-sdk>=0.1.0
requests>=2.28.0
python-dotenv>=0.21.0
pytz>=2022.7
Confidence
92% confidence
Finding
simmer-sdk>=0.1.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
simmer-sdk>=0.1.0
requests>=2.28.0
python-dotenv>=0.21.0
pytz>=2022.7
Confidence
98% confidence
Finding
requests>=2.28.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
simmer-sdk>=0.1.0
requests>=2.28.0
python-dotenv>=0.21.0
pytz>=2022.7
Confidence
88% confidence
Finding
python-dotenv>=0.21.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
simmer-sdk>=0.1.0
requests>=2.28.0
python-dotenv>=0.21.0
pytz>=2022.7
Confidence
87% confidence
Finding
pytz>=2022.7

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
97% confidence
Finding
requests

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
73% confidence
Finding
python-dotenv

VirusTotal

65/65 vendors flagged this skill as clean.
