aiusd-pro

Security checks across malware telemetry and agentic risk

Overview

This skill is a trading assistant that delegates real financial actions (trades, stakes, cancellations, position changes) to an external CLI and backend that are not version-pinned, and combines that with broad activation triggers, persistent session context, and verbatim relay of backend output.

Review carefully before installing. Use it only if you trust the `aiusd-pro` npm package and the AIUSD backend, understand the permissions granted at login, and are prepared to require exact confirmation of asset, amount, venue, leverage, fees, and risk before any trade, stake, cancellation, or position change. Do not share raw backend links or output beyond the authenticated user.
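One way to enforce that confirmation, as an added example in JavaScript (the language of the npm package the skill wraps) and not code from aiusd-pro or the AIUSD backend: every order is normalised into a canonical form, the user confirms that exact form by reference to a single live proposal, and a confirmation that is stale, expired, or differs in any field is refused. The field names, the `execute` callback, and the time-to-live are assumptions for illustration.

```javascript
// Added example (not aiusd-pro's own code): an exact-match confirmation gate
// that must pass before an agent forwards any trade, stake, cancellation or
// position change to a trading backend. Field names are assumptions.

const REQUIRED_FIELDS = ["action", "asset", "amount", "venue", "leverage", "fees", "risk"];
const NUMERIC_FIELDS = ["amount", "leverage", "fees", "risk"];

// Canonical form of a proposed order, so the user confirms what will actually be
// sent rather than a paraphrase of it, and any missing field fails closed.
function normalizeIntent(intent) {
  const out = {};
  for (const f of REQUIRED_FIELDS) {
    const v = intent[f];
    if (v === undefined || v === null || v === "") throw new Error(`missing field: ${f}`);
    out[f] = typeof v === "string" ? v.trim().toLowerCase() : v;
  }
  for (const f of NUMERIC_FIELDS) {
    const n = Number(out[f]);
    if (!Number.isFinite(n) || n < 0) throw new Error(`invalid ${f}: ${out[f]}`);
    out[f] = n; // compare as numbers, not as whatever string the model emitted
  }
  return out;
}

function describe(intent) {
  return REQUIRED_FIELDS.map((f) => `${f}=${intent[f]}`).join(" ");
}

class ConfirmationGate {
  constructor({ ttlMs = 60_000, now = Date.now } = {}) {
    this.ttlMs = ttlMs;
    this.now = now;
    this.pending = null;
    this.seq = 0;
  }

  // Record the exact order the user must confirm. Only one proposal is live at a
  // time; proposing again silently invalidates any earlier, unconfirmed one.
  propose(intent) {
    const norm = normalizeIntent(intent);
    const nonce = `p${++this.seq}`; // binds a "yes" to this proposal; a counter suffices within one session
    this.pending = { intent: norm, nonce, issuedAt: this.now() };
    return { nonce, summary: describe(norm) };
  }

  // Returns { ok: true, intent } only when the confirmation names the live
  // proposal, arrives within its TTL, and matches it field for field.
  confirm({ nonce, intent }) {
    const p = this.pending;
    if (!p) return { ok: false, reason: "no pending proposal" };
    if (nonce !== p.nonce) return { ok: false, reason: "stale or unknown proposal" };
    if (this.now() - p.issuedAt > this.ttlMs) {
      this.pending = null;
      return { ok: false, reason: "proposal expired" };
    }
    let norm;
    try { norm = normalizeIntent(intent); } catch (e) { return { ok: false, reason: e.message }; }
    for (const f of REQUIRED_FIELDS) {
      if (norm[f] !== p.intent[f]) {
        return { ok: false, reason: `field mismatch: ${f} (${p.intent[f]} vs ${norm[f]})` };
      }
    }
    this.pending = null; // single use: one confirmation never authorises a second execution
    return { ok: true, intent: p.intent };
  }
}

// What the agent calls instead of invoking the backend CLI directly.
// `execute` is an assumed callback that performs the real backend call.
function executeIfConfirmed(gate, confirmation, execute) {
  const r = gate.confirm(confirmation);
  if (!r.ok) return { executed: false, reason: r.reason };
  return { executed: true, result: execute(r.intent) };
}

// Stand-alone run with a constructed order; the callback only echoes the intent.
const demoGate = new ConfirmationGate();
const demoOrder = { action: "buy", asset: "ETH-PERP", amount: "0.5", venue: "aiusd", leverage: 3, fees: 0.001, risk: 2 };
const proposal = demoGate.propose(demoOrder);
console.log("confirm exactly:", proposal.summary);
console.log(executeIfConfirmed(demoGate, { nonce: proposal.nonce, intent: demoOrder }, (i) => i));
```

The gate deliberately does not accept a bare "yes": the confirmation must carry the full order again, so a user who changes one parameter mid-conversation, or an earlier approval resurfaced from persisted history, cannot authorise a different trade.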

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium, 78% confidence

Finding
The activation guidance is broad enough to trigger this skill for nearly any finance- or token-related request, despite the skill being able to initiate trading and position management. In a high-risk trading context, ambiguous routing increases the chance the agent invokes a powerful external trading backend without sufficiently narrow user intent or safety gating.

Ssd 3

Medium, 93% confidence

Finding
Instructing the agent to relay backend output verbatim can expose sensitive data returned by the backend, including balances, account details, transaction metadata, or session-related URLs, without any redaction or relevance filtering. For a trading skill, this is especially risky because backend responses may contain financial information and browser links that enable continuation of an authenticated session.

Ssd 3

Medium, 86% confidence

Finding
Persisting full multi-turn conversation history means sensitive user-provided financial instructions, balances, wallet details, and prior confirmations may be retained and resurfaced in later turns. In a trading workflow, this increases the blast radius of prompt confusion, accidental disclosure, or unintended reuse of stale context for future actions.

Ssd 3

Medium, 95% confidence

Finding
The explicit rule to relay stdout as-is and always include the browser conversation link creates unconditional disclosure of whatever the backend emits, including potentially sensitive financial data, internal errors, and authenticated conversation URLs. Because this skill handles trading and account operations, such disclosures can directly leak private account context or facilitate unauthorized session continuation if exposed to the wrong party.
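The verbatim-relay finding above and the earlier one on exposing backend output describe the same gap: nothing sits between what the backend prints and what the user (or anyone reading the transcript) sees. As an added example, not code from aiusd-pro or the AIUSD backend, the following JavaScript shows a sanitising step an agent could run before relaying stdout. It strips session-bearing query parameters, embedded credentials and URL fragments from links, masks wallet addresses and bearer-token-shaped strings, drops internal stack frames, and bounds the length. The sample stdout, the host name, and the list of secret query-parameter names are constructed assumptions.

```javascript
// Added example (not aiusd-pro's own code): sanitise backend stdout before an
// agent relays it, instead of forwarding it verbatim. The sample output, the
// host name and the query-parameter names are constructed for illustration.

// Query parameters that commonly carry a session or bearer credential.
const SECRET_QUERY_PARAMS = new Set(["token", "session", "sid", "auth", "key", "access_token", "code"]);
const URL_RE = /https?:\/\/[^\s<>"']+/g;
const EVM_ADDRESS_RE = /\b0x[0-9a-fA-F]{40}\b/g;
// Three base64url segments joined by dots: the shape of a JWT or similar signed token.
const JWT_RE = /\b[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\b/g;
const STACK_FRAME_RE = /^\s+at\s.+$/;

// Keep enough of an identifier for the user to recognise it, never all of it.
function mask(s) {
  return s.slice(0, 6) + "..." + s.slice(-4);
}

// Remove embedded credentials, secret query parameters and the fragment (where
// OAuth-style tokens are often placed). The host and path are kept so the user
// still knows where the link pointed, but the link can no longer resume a session.
function redactUrl(raw) {
  let url;
  try { url = new URL(raw); } catch { return { text: raw, changed: false }; }
  let changed = false;
  for (const k of [...url.searchParams.keys()]) {
    if (SECRET_QUERY_PARAMS.has(k.toLowerCase())) {
      url.searchParams.set(k, "REDACTED");
      changed = true;
    }
  }
  if (url.username || url.password) { url.username = ""; url.password = ""; changed = true; }
  if (url.hash) { url.hash = ""; changed = true; }
  return { text: url.toString(), changed };
}

function sanitizeBackendOutput(stdout, { maxChars = 4000 } = {}) {
  const stats = { urls: 0, addresses: 0, tokens: 0, frames: 0, truncated: false };
  const kept = [];
  for (const line of stdout.split("\n")) {
    // Stack frames describe the backend's internals, not the user's account; drop them.
    if (STACK_FRAME_RE.test(line)) { stats.frames++; continue; }
    let out = line.replace(URL_RE, (m) => {
      const r = redactUrl(m);
      if (r.changed) stats.urls++;
      return r.text;
    });
    out = out.replace(EVM_ADDRESS_RE, (m) => { stats.addresses++; return mask(m); });
    out = out.replace(JWT_RE, (m) => { stats.tokens++; return mask(m); });
    kept.push(out);
  }
  let text = kept.join("\n");
  if (text.length > maxChars) {
    text = text.slice(0, maxChars) + "\n[output truncated]";
    stats.truncated = true;
  }
  return { text, stats };
}

// Constructed sample of what a trading CLI might print; not real output.
const SAMPLE_STDOUT = [
  "Balance: 1,250.00 USDC",
  "Open position: ETH-PERP long 0.5 @ 3,120.00",
  "Wallet: 0xAbCdEf1234567890aBcDeF1234567890AbCdEf12",
  "Continue in browser: https://app.example.invalid/c/abc123?session=s3cr3tS3ssionToken#access_token=eyJhbGciOi",
  "Error: ECONNRESET",
  "    at TLSSocket.onStreamRead (node:internal/stream_base_commons:217:20)",
].join("\n");

console.log(sanitizeBackendOutput(SAMPLE_STDOUT).text);
```

Balances and positions are left intact, since the authenticated user is entitled to them; what is removed is anything that would let a third party who sees the transcript continue the session or identify the account outright. Treat the regular expressions as a starting point: a backend that emits other credential formats needs its own patterns added.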

VirusTotal

61/61 vendors reported this skill as clean.