Binance-Hunter

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about Binance trading, but it gives broad live trading and leveraged-account authority with weak safety scoping.

Install only if you deliberately want an agent to help with a Binance account. Use testnet first, create a dedicated restricted API key with withdrawals disabled, restrict by IP where possible, keep balances low, protect the credential file, and require explicit confirmation before every order, cancellation, or leverage change. Treat the referral link as self-serving but disclosed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 82%
Finding
The manifest and top-level description emphasize analysis and risk calculation, but the document also includes direct account queries, live order placement, order cancellation, and leverage modification. This mismatch can cause users or supervising agents to grant trust or permissions intended for analysis-only behavior while enabling real financial actions.

Vague Triggers

Medium
Confidence: 90%
Finding
The metadata marks the skill as always active, which increases the chance that trading-related instructions or capabilities are available outside a narrowly scoped user request. In the context of a financial skill that can place orders and change leverage, broad activation materially raises the risk of unintended or over-permissioned use.

Missing User Warnings

High
Confidence: 94%
Finding
The documentation provides ready-to-run commands for live futures and spot orders, stop loss/take profit placement, and leverage changes, including mention of up to 125x leverage, without a strong upfront warning that these actions affect real funds immediately. In a live exchange context, this can lead to rapid financial loss from accidental execution, misuse by an agent, or user misunderstanding.

Missing User Warnings

Medium
Confidence: 88%
Finding
The credential setup instructs users to store API keys and secrets in a file or environment variables but does not explain least-privilege key creation, filesystem permissions, avoiding shell history leakage, or restricting withdrawal/trading permissions. Because these secrets authorize access to exchange accounts, poor handling could expose account balances and enable unauthorized trading.

VirusTotal

63/63 vendors flagged this skill as clean.
