NOFX AI Trading

Security checks across malware telemetry and agentic risk

Overview

This is a coherent NOFX crypto-trading skill, but it asks agents to handle live trading, credentials, deployment scripts, and scheduled reports with safeguards that are too light for the financial impact.

Install only if you intentionally want an agent to assist with a live crypto-trading platform. Use paper trading or isolated sub-accounts first, disable withdrawals, apply least-privilege and IP-restricted API keys, avoid unreviewed curl-to-bash installs, require explicit confirmation before activating strategies or starting traders, and do not expose the service over plain HTTP.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill embeds shell-capable instructions via multiple curl examples but does not declare corresponding permissions or execution expectations. In an agent environment, hidden or undeclared shell capability increases the chance that the agent will make network requests with sensitive credentials in ways the user did not explicitly authorize.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill tells users to store API keys and account-related data in config and to authenticate requests, but it provides no guidance on secret handling, least privilege, redaction, or avoiding exposure through logs and command history. Because this skill targets a live trading platform, exposed credentials could grant access to sensitive account data and potentially enable trading actions through connected systems.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill instructs the agent to create, save, and activate trading strategies without warning that activation may immediately influence live automated trading behavior and real funds. In a trading context, omitting a confirmation step before activation materially increases the risk of accidental deployment of untested or misconfigured strategies.

Missing User Warnings

High
Confidence
98% confidence
Finding
The trader-management section describes creating and starting traders with connected exchanges but does not warn that these actions can trigger live automated orders. In this context, an agent could operationalize real trading on behalf of a user without adequate acknowledgment, creating immediate financial-loss risk from mistakes, prompt confusion, or unsafe automation.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The guide provides direct browser automation steps to start or stop traders, which are live trading actions with real financial consequences, but it omits any requirement for explicit user confirmation, environment validation, or safety checks. In a crypto trading skill, this context makes the issue more dangerous because an agent could execute unintended trades or disable active strategies on a real logged-in account.
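The three findings above (strategy activation, trader creation/start, and browser-driven start/stop) share one missing control: a gate that refuses a live action unless the operator has opted in. The function below is an added example of such a gate for an agent harness; it is not part of the skill or of the scanner output. The NOFX_TRADING_MODE variable and the acknowledgement phrase are assumed names for this illustration, not settings the NOFX platform exposes.

```shell
#!/bin/sh
# Added example: refuse live-trading actions unless the operator has opted in.
# NOFX_TRADING_MODE and the acknowledgement phrase are assumed names for this
# illustration, not settings of the NOFX platform.
#
# guard_live_action <action> <target> [ack-phrase]
#   action: start | stop | activate-strategy | import-strategy
#   target: trader or strategy identifier
#   returns 0 if the action may proceed, 1 if it must be refused

guard_live_action() {
  action="$1"
  target="$2"
  ack="${3:-}"

  # Only actions known to move real funds are gated; anything else is refused
  # outright rather than silently allowed.
  case "$action" in
    start|stop|activate-strategy|import-strategy) ;;
    *) echo "guard: unknown live action '$action'" >&2; return 1 ;;
  esac

  case "${NOFX_TRADING_MODE:-unset}" in
    paper)
      # Paper/sandbox account: no real funds, proceed without further ceremony.
      return 0 ;;
    live) ;;
    *)
      echo "guard: NOFX_TRADING_MODE must be 'paper' or 'live' before $action $target" >&2
      return 1 ;;
  esac

  # Live mode: demand an action-specific phrase so a generic "yes" from the
  # user, or from injected text in a tool result, cannot satisfy the gate.
  expected="I ACKNOWLEDGE $action $target WITH REAL FUNDS"
  if [ "$ack" != "$expected" ]; then
    echo "guard: live $action of $target refused; required phrase: $expected" >&2
    return 1
  fi
  return 0
}
```

The harness calls `guard_live_action start "$trader_id" "$user_reply"` before issuing the start request and treats any non-zero status as a hard stop; the phrase has to be typed by the user, never synthesised by the agent.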

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The import workflow allows pasting or uploading strategy JSON that can change trading behavior, risk controls, and execution parameters, yet the guide gives no warning about configuration modification or validation requirements. In this skill's trading context, that is especially risky because malformed, malicious, or simply incorrect strategy definitions could alter live trading setup and lead to financial loss.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The guide instructs users to fetch and immediately execute a remote shell script with `curl ... | bash`, which gives arbitrary code from a mutable remote source direct execution on the host. This is especially dangerous in deployment documentation because users are encouraged to run it with high trust and often elevated privileges, without review, checksum verification, or pinning to an immutable release.

Missing User Warnings

High
Confidence
99% confidence
Finding
The server deployment section explicitly says transport encryption is disabled by default and suggests direct HTTP access by IP, which exposes credentials, API keys, session tokens, and trading activity to interception or modification over untrusted networks. In a crypto trading platform context, this is more dangerous because the initial configuration includes exchange API credentials and AI model keys that could enable account compromise or financial loss.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The file gives step-by-step instructions to create exchange API keys and enable live trading permissions, but it does not prominently warn users that these credentials can execute real trades and must be protected like secrets. In a trading-focused skill, this omission increases the chance that users overprovision access, mishandle keys, or connect production accounts without understanding the financial risk.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The DEX sections instruct users to connect wallets and authorize API creation/signatures without a clear warning that wallet approvals and signatures can expose funds or enable unwanted trading actions. Because this skill is specifically for crypto trading operations, users may treat these steps as routine and underestimate the account and authorization risk.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The FAQ instructs users to update by piping a remotely fetched script directly into bash, which executes whatever content is served at that URL without prior inspection or integrity verification. In a trading-related skill, compromise of the GitHub account, repository, network path, or installation endpoint could lead to arbitrary code execution on systems that may store exchange API keys, model credentials, and trading infrastructure secrets.
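Both `curl ... | bash` findings (the deployment section and the FAQ update step) have the same fix: download to a file, verify it against a hash pinned to a specific release, read it, and only then run it. The functions below are an added example of that flow and are not the project's installer; the INSTALL_URL and INSTALL_SHA256 placeholders stand in for the real release URL and the hash published with that release, neither of which is on this page.

```shell
#!/bin/sh
# Added example: replace `curl ... | bash` with download, pin, verify, review, run.
# INSTALL_URL and INSTALL_SHA256 are placeholders; the real release URL and the
# hash published with that release are not on this page.

sha256_of_file() {
  # Portable digest: coreutils, then perl shasum, then openssl.
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  elif command -v shasum >/dev/null 2>&1; then
    shasum -a 256 "$1" | cut -d' ' -f1
  else
    openssl dgst -sha256 "$1" | sed 's/.*= //'
  fi
}

fetch_installer() {
  # fetch_installer <url> <out-file>: HTTPS only, no redirect to plain HTTP,
  # fail on HTTP errors instead of saving an error page as "the script".
  curl --fail --silent --show-error --location \
       --proto '=https' --proto-redir '=https' --tlsv1.2 \
       --output "$2" "$1"
}

verify_installer() {
  # verify_installer <file> <expected-sha256>: 0 on match, 1 otherwise.
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  case "$expected" in
    *[!0-9a-f]*|'') echo "verify: expected hash is not 64 hex chars" >&2; return 1 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "verify: expected hash is not 64 hex chars" >&2; return 1; }
  actual=$(sha256_of_file "$1")
  if [ "$actual" != "$expected" ]; then
    echo "verify: SHA-256 mismatch for $1" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
  fi
  return 0
}

install_pinned() {
  # install_pinned <url> <sha256>: the whole flow, pausing in the pager so the
  # operator reads the script before it runs; drop the pager for unattended use.
  tmp=$(mktemp) || return 1
  fetch_installer "$1" "$tmp" || { rm -f "$tmp"; return 1; }
  verify_installer "$tmp" "$2" || { rm -f "$tmp"; return 1; }
  ${PAGER:-less} "$tmp"
  sh "$tmp"
  status=$?
  rm -f "$tmp"
  return $status
}

# Example invocation (placeholders, not the project's real values):
# INSTALL_URL='https://example.invalid/nofx/v1.2.3/install.sh'
# INSTALL_SHA256='<hash published alongside tag v1.2.3>'
# install_pinned "$INSTALL_URL" "$INSTALL_SHA256"
```

Pinning means the URL names an immutable tag or commit, not a branch, and the expected hash comes from somewhere other than the same repository the script is fetched from (a release note, a signed checksum file, or the first reviewed download), otherwise a compromise of the repository changes both the script and the hash together.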

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This guide presents concrete leveraged grid-trading configurations and optimization advice without an explicit warning that users can incur rapid and substantial losses, especially when leverage amplifies drawdowns and liquidation risk. In a trading-agent skill, omission of risk disclosure can encourage unsafe deployment by users who may treat the examples as endorsed operational settings rather than educational illustrations.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script appends the API key to the URL query string for every request (`?auth=$API_KEY`). Query-string secrets are routinely captured in shell history, process listings, proxy and load-balancer logs, monitoring tools, the history of whatever wrapper issues the request, and the upstream server's access logs. In a trading integration, exposure of this credential could allow unauthorized access to account-scoped market data or other NOFX platform capabilities tied to the key.
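As an added example covering this finding and the plain-HTTP deployment finding above (not code from the skill or the platform), the functions below keep the key out of the URL, the process list and the shell history, refuse non-HTTPS endpoints, and scrub a key from logs that already captured it. Sending the key in an Authorization header is an assumption: the page only shows the `?auth=$API_KEY` form, so confirm what the platform actually accepts before relying on it. The NOFX_API_KEY variable and the example host are placeholders.

```shell
#!/bin/sh
# Added example: keep the NOFX API key out of the URL, the shell history and
# the process list, and scrub it from logs that already captured it.
# The Authorization header transport is an assumption: the page only shows the
# `?auth=$API_KEY` form, so check what the platform actually accepts.

build_curl_config() {
  # build_curl_config <https-url>: emit a curl config for `curl -K -`.
  # The key travels inside the config on stdin, so it never appears in argv
  # (visible to `ps`) or in the shell history line that invoked the request.
  url="$1"
  case "$url" in
    https://*) ;;
    *) echo "request: refusing non-HTTPS URL $url" >&2; return 1 ;;
  esac
  case "$url" in
    *'?auth='*|*'&auth='*) echo "request: API key must not be in the query string" >&2; return 1 ;;
  esac
  if [ -z "${NOFX_API_KEY:-}" ]; then
    echo "request: NOFX_API_KEY is not set" >&2
    return 1
  fi
  printf 'url = "%s"\n' "$url"
  printf 'header = "Authorization: Bearer %s"\n' "$NOFX_API_KEY"
  # Refuse to downgrade to HTTP, including via redirect.
  printf 'proto = "=https"\nproto-redir = "=https"\n'
  printf 'fail\nsilent\nshow-error\n'
}

nofx_get() {
  # nofx_get <https-url>: run the request with the config read from stdin.
  build_curl_config "$1" | curl -K -
}

redact_auth() {
  # Filter for access logs, proxy logs or shell history that already hold
  # `?auth=<key>` URLs: replaces the key value, keeps the rest of the line.
  sed -E 's/([?&]auth=)[^&[:space:]]*/\1[REDACTED]/g'
}

# Example (placeholder host, not the project's):
#   export NOFX_API_KEY="$(cat ~/.config/nofx/api_key)"   # file mode 0600
#   nofx_get 'https://nofx.example.invalid/api/trades?limit=5'
#   grep 'auth=' ~/.bash_history | redact_auth
```

If the platform only accepts the key as a query parameter, the config-on-stdin trick still keeps it out of argv and history (put the full URL in the `url =` line), but nothing short of TLS and trusted server-side logging protects it in transit and at the server, which is why the HTTP-by-IP deployment described above makes this finding worse.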

VirusTotal

66/66 vendors flagged this skill as clean.
