Hummingbot Market Maker

Security checks across malware telemetry and agentic risk

Overview

This trading skill mixes crypto Hummingbot claims with A-share/ZVT stock workflows, creating real review concerns before any financial use.

Review carefully before installing. Do not use this skill for live trading until the publisher makes the market, framework, and execution scope consistent, adds explicit financial-risk warnings, and requires clear user confirmation for any order-capable or credential-using workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (15)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill claims to implement Hummingbot-based crypto market making and arbitrage, but the user-interaction section pivots to A-share/HK stock data providers, stock factors, and backtesting inputs unrelated to the stated crypto scope. This scope confusion can cause the agent to apply the wrong workflow, request inappropriate credentials or market inputs, and execute unintended financial actions in a high-risk trading context.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The human summary describes a different capability set (ZVT-based A-share quant research/backtesting) than the manifest (Hummingbot crypto market-making/arbitrage). This kind of identity mismatch is dangerous because it can cause the platform or user to invoke the skill under false assumptions, potentially routing sensitive trading requests to an unintended implementation or masking the skill’s real behavior.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The documentation explicitly claims the skill builds A-share quant strategies with ZVT, directly contradicting the declared Hummingbot crypto market-maker intent. In a trading context, such contradictory documentation increases the risk of operator confusion, incorrect task delegation, and concealment of actual skill behavior, which can lead to harmful financial actions or bypass of review controls.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The file is a severe skill-identity mismatch: metadata says this is a Hummingbot crypto market-making/arbitrage skill, but the seed config is overwhelmingly for ZVT A-share quant/backtesting workflows. This can route users into the wrong execution, install, preconditions, constraints, and output paths, creating dangerous confusion in a finance context where users may rely on the declared capability to make trading decisions or run code against the wrong stack.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The user-facing documentation explicitly advertises A-share/ZVT assistance while the surrounding skill metadata presents a Hummingbot crypto-trading capability. In a high-risk financial automation setting, contradictory docs materially increase the chance of operator error, incorrect trust assumptions, and execution of unsuitable workflows or code.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The activation rule triggers when intent loosely matches positive terms and the user uses generic action verbs like run, execute, backtest, fetch, or collect. In a trading skill, this is dangerous because ordinary market discussion or data requests may unintentionally activate order-capable logic and lead to unauthorized or unexpected trading-related actions.

Vague Triggers

Medium
Confidence
88% confidence
Finding
Several trigger phrases such as funding rate, arbitrage, xemm, cross-exchange, and market making are broad enough to overlap with benign discussion, education, or analysis requests. Because this skill concerns automated trading, generic trigger matching increases the chance of accidental activation and inappropriate escalation from conversation into execution workflow.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill advertises automated crypto market making and arbitrage but does not warn about financial loss, leverage risk, liquidation, exchange/API risk, or the possibility of unintended order placement. In an execution-capable trading context, omission of risk disclosure makes unsafe use more likely and reduces the chance that users will distinguish simulation, backtesting, and live trading.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The wording 'Just tell me what you want; I'll write the code' is broad and lacks clear boundaries, making accidental invocation or overbroad task capture more likely. In an automated trading skill, vague trigger scope is risky because users may unintentionally engage code generation or trading-related workflows without understanding the specific system or market context.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The repeated tagline reinforces an ambiguous trigger scope without exclusions, increasing the chance the skill is selected for loosely related quant or coding requests. Repetition of broad claims can amplify misrouting and user misunderstanding, especially when the rest of the file already conflicts with the manifest’s intended domain.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This file documents automated trading, leverage, arbitrage, liquidity provision, and execution strategies that can cause real financial loss, liquidation, or unintended market exposure, but it does not present any user-facing warnings about capital risk, leverage risk, exchange/counterparty risk, or strategy failure modes. In the context of an agent skill intended to drive Hummingbot-based trading actions, the absence of explicit risk disclosures makes unsafe operation more likely, especially for users who may treat the listed use cases as endorsed safe defaults.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The execute trigger matches broad positive terms plus generic action verbs like run/execute/跑/执行, which can cause accidental invocation on ordinary conversation. In a skill with trading and code-generation semantics, unintended activation is risky because it may start precondition checks, route users into execution flows, or prepare financial automation without deliberate intent.

Vague Triggers

Medium
Confidence
84% confidence
Finding
Sample trigger phrases such as generic market-making or monitoring terms are broad enough to overlap with normal user discussion. Because this skill concerns trading-related actions, accidental routing could cause the system to present or prepare risky workflows under the mistaken belief that the user requested execution.

Missing User Warnings

High
Confidence
95% confidence
Finding
The manifest advertises live trading, arbitrage, leverage, and market-making capabilities without a clear upfront financial-risk warning. In this context, omission is dangerous because users may interpret the skill as safe for direct deployment despite numerous constraints showing liquidation, slippage, and execution risks.

Ssd 3

Medium
Confidence
81% confidence
Finding
The protocol instructs the agent to consult host conversational memory before proceeding, which creates a real risk of incorporating prior user data into current outputs without clear minimization or consent boundaries. In a finance skill, this could leak prior holdings, credentials context, strategies, or other sensitive trading information across sessions or tasks.

VirusTotal

66/66 vendors flagged this skill as clean.
