Superior Trade

Security checks across malware telemetry and agentic risk

Overview

This trading skill is not clearly malicious, but it needs review because the same API key can manage live trading and move funds between user-controlled accounts, despite parts of the skill saying it cannot move money.

Review carefully before installing. Only use this skill if you are comfortable giving an agent an API key that can manage live crypto trading, create persistent trading bots, close positions, and move funds between your own Superior Trade/Hyperliquid main and sub-accounts. Do not provide private keys or seed phrases, confirm exact API permissions with Superior Trade, run dry-run/backtests first, and require explicit confirmation before any live deployment, transfer, portfolio exit, or deployment deletion.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (14)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The manifest frames the skill as only for backtesting and deployment, but the body also documents fund-moving and full portfolio exit capabilities. This scope mismatch is dangerous because users or upstream policy engines may grant trust based on an incomplete description, while the skill can perform materially more sensitive actions affecting real funds.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The authorize-and-send API exposes account-management operations such as creating sub-accounts and transferring assets, which go beyond ordinary strategy deployment. In a skill whose primary purpose is trading automation, these primitives increase the blast radius from 'place trades' to 'reallocate funds across controlled accounts,' enabling unintended or abusive asset movement if the agent is prompted incorrectly.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The portfolio exit endpoint can close positions and repatriate all funds from a sub-account back to the main wallet in one call. Even if funds are not withdrawn off-platform, this is a sensitive funds-management action that exceeds simple strategy deployment and could disrupt active strategies, liquidate exposure, or override a user's intended account segregation.

Missing User Warnings

Medium
Confidence: 93%
Finding
This file explicitly maps market conditions to 'deploy templates' and instructs the reader to use it before presenting scan results, but it does not include any financial-risk, suitability, or loss warning. In a trading/deployment skill, that omission can make automated recommendations appear more authoritative and action-ready than they are, increasing the chance of users treating speculative strategies as safe or endorsed.

Vague Triggers

Medium
Confidence: 85%
Finding
The recipe is triggered by very broad phrases like 'what's hot' and 'what should I trade', which can easily overlap with ordinary market discussion and cause the workflow to activate when the user did not intend to initiate a trade-discovery-and-deployment flow. In a trading skill, unintended invocation is more dangerous because it can steer a user into strategy selection and eventual deployment steps tied to real financial risk.

Missing User Warnings

High
Confidence: 97%
Finding
The workflow explicitly instructs submitting Hyperliquid wallet credentials during deployment but provides no warning, consent flow, secure-handling guidance, or restriction on how secrets are collected and stored. In this context, credential collection is especially sensitive because compromise of wallet credentials can directly enable unauthorized trading or asset loss.

Vague Triggers

Medium
Confidence: 95%
Finding
The manifest description uses very broad trigger language such as 'Use when adding a regime filter to any directional strategy' and a long list of generic aliases, which can cause the agent to invoke this skill for loosely related requests rather than only for clearly scoped regime-overlay tasks. In an automated trading skill, overbroad activation is risky because it can silently steer strategy design and deployment decisions with aggressive defaults and performance claims, even when the user's intent is different.

Vague Triggers

Medium
Confidence: 90%
Finding
The manifest description contains broad trigger phrases like 'Use when writing' plus multiple generic strategy aliases, which can cause this skill to be invoked for a wide range of trading-related prompts beyond the author's likely intent. In an agent environment, overbroad matching increases the chance that users are steered into leveraged trading strategy generation without deliberate selection or adequate suitability checks.

Missing User Warnings

Medium
Confidence: 87%
Finding
The file provides deployable live futures trading guidance, including exchange, margin mode, stake sizing, and deployment recommendations, but does not include an explicit warning about real-money loss, leverage risk, liquidation, or that backtest performance does not guarantee future results. In context, this is more dangerous because the skill is not merely educational—it presents an operational path to live futures deployment that a user may follow directly.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill recommends a recurring buy strategy that keeps adding capital over time while explicitly describing effectively disabled exits (`stoploss = -0.99`, no exit trend) without a prominent user-facing risk warning. In a live trading context, this can cause users to accumulate large underwater positions and continue deploying funds without understanding the compounding exposure or lack of downside protection.

Missing User Warnings

Medium
Confidence: 96%
Finding
The document provides a complete order-generating implementation and deployment config for a managed cloud trading environment, but does not prominently instruct users to validate behavior in dry-run or paper-trading mode before going live. Because the strategy automatically places recurring orders, mistakes in stake sizing, schedule logic, or exchange configuration can immediately lead to unintended live trades and ongoing losses.

Missing User Warnings

Medium
Confidence: 95%
Finding
This skill includes a deployment-ready configuration for live short futures trading (`trading_mode: futures`, isolated margin, real pair whitelist) without an explicit risk warning about leverage, liquidation, or the possibility of rapid losses. In this context, users may treat the strategy as production-ready because of the strong performance claims, which increases the chance of unsafe real-money use.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill actively promotes a futures funding-arbitrage strategy as something that 'actually works' and includes deployment-ready configuration, but it does not present an upfront warning about leveraged futures risk, liquidation, basis risk, exchange/counterparty risk, or the possibility of losses exceeding expectations. In this context, the omission is materially dangerous because the content encourages live trading on perpetual futures and even suggests scaling to multiple pairs, which can lead users to deploy risky strategies without understanding the hazards.

Missing User Warnings

Medium
Confidence: 92%
Finding
The file provides executable Freqtrade strategy code plus a concrete futures configuration, but does not include a prominent live-trading risk warning near the deployable content. In this context, users may interpret the backtest results and detailed config as endorsement for real-money use, which can lead to financial loss, especially given leverage/futures trading and regime-sensitive performance.

VirusTotal

60/60 vendors flagged this skill as clean.
