Perp Lobster

Security checks across malware telemetry and agentic risk

Overview

This skill is a real crypto trading assistant, but it asks an agent to run remote code, use a wallet private key, approve fees, and place or automate live trades with some under-scoped safeguards.

Install only if you are comfortable with automated leveraged crypto trading risk. Review and pin the GitHub code before running setup, use a dedicated limited subaccount or trading key, never paste private keys into chat, require explicit confirmation for every fee approval, trade, test trade, and bot start, and verify bots can be stopped cleanly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Severity: Medium
Confidence: 91%
Finding
The setup prompt tells the user that the script creates a venv, installs dependencies, and that 'No data is sent externally,' which is materially misleading in this context. The overall setup explicitly clones from GitHub and dependency installation commonly performs network fetches; understating external access can cause users to approve execution without understanding supply-chain or network risk.

Vague Triggers

Severity: Medium
Confidence: 78%
Finding
Using a generic 'help' trigger is overly broad for a skill that can place trades and start bots, because ordinary user requests containing 'help' may invoke the trading command surface unexpectedly. In a financial skill, ambiguous activation increases the chance of unintended operational guidance or progression toward wallet-affecting actions.

Missing User Warnings

Severity: High
Confidence: 97%
Finding
The documented flow executes `approve_builder_fee.py`, a wallet-affecting approval transaction, without an explicit confirmation step immediately before running it. In a trading skill handling real funds, approvals can authorize future spending behavior, so skipping a just-in-time confirmation meaningfully raises the risk of unintended on-chain actions.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The file gives beginner-facing automated trading recommendations, including leverage and position sizing, without an explicit warning that users can rapidly lose funds through market moves, liquidation, and bot misconfiguration. In the context of a trading skill that can place live orders on a DEX, omission of clear loss-risk and automation-risk warnings can encourage unsafe deployment by inexperienced users.

VirusTotal

65/65 vendors flagged this skill as clean.