binance-spot-trader

Security checks across malware telemetry and agentic risk

Overview

This Binance trading skill is coherent, but it can automatically place real market orders with real funds and no built-in confirmation or paper-trading default.

Review before installing. Use Binance API keys with withdrawals disabled, IP restrictions, and limited funds in a sub-account. Do not run this against a real account until you have added or verified paper trading, testnet support, explicit live-trading opt-in, and hard risk limits. Also confirm you trust the SkillBoss/HeyBoss LLM endpoint with trading context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium (93% confidence)
Finding
This documentation presents 'strong buy' and 'strong sell' signals as prescriptive trading guidance without any cautionary framing, uncertainty discussion, or statement that indicators can produce false signals. In the context of an autonomous Binance spot trading skill, such language can directly influence automated or user-approved financial decisions and increase the chance of harmful trading behavior.

Missing User Warnings

High (98% confidence)
Finding
The bot can place real Binance MARKET orders automatically based on internal logic and an external LLM score, with no user confirmation, dry-run default, circuit breaker, or explicit runtime safeguard. In a trading skill, this context makes the issue more dangerous because it directly controls a financial account and can cause immediate irreversible losses from bad signals, bugs, or prompt/model errors.

Missing User Warnings

Medium (90% confidence)
Finding
The code sends trading context for each symbol to a third-party LLM service without any clear user consent, minimization controls, or trust boundary protections. While the transmitted data here is market data rather than exchange secrets, in an autonomous trading bot this external dependency can influence buy decisions and exposes strategy behavior to an outside service, increasing privacy, integrity, and supply-chain risk.

VirusTotal

67/67 vendors flagged this skill as clean.
