ClawHub

Trading Signals Ws

Security checks across malware telemetry and agentic risk

Overview

This is a coherent trading-alert skill that uses public market data and Telegram notifications, with disclosed but important setup risks around credentials, persistence, and an optional hosted API.

Install only if you are comfortable running a local market-monitoring bot. Use a virtual environment, protect the Telegram bot token as a secret, avoid committing config.py, run the service under a dedicated non-root user if enabling systemd, and skip the tinyore hosted API unless you trust that provider with your email and API usage.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Low
Confidence
84% confidence
Finding
The skill is presented as a local WebSocket trading bot, but the documentation adds an unrelated hosted commercial API and upgrade path. This expands the trust boundary from a local, user-controlled workflow to a third-party service, which can mislead users into sending data or relying on external infrastructure they did not intend to use.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The subscription example posts a user's email address to an external service without any notice about privacy, storage, sharing, or retention. This can lead users to disclose personal data under the assumption they are only following local setup instructions, creating unnecessary privacy and phishing risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation tells users to place a Telegram bot token directly into source config or shell environment exports but does not explicitly identify it as a secret credential that must be protected. That increases the likelihood the token will be committed to version control, shared in screenshots, logs, or copied into insecure deployment workflows, allowing anyone with the token to control the bot and send or read bot-related messages depending on bot usage.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal