Alpaca Trading

Security checks across malware telemetry and agentic risk

Overview

This Alpaca skill is a disclosed trading integration, but it exposes live-account actions such as order placement and bulk cancellation with insufficient safeguards for some destructive commands.

Install only if you intentionally want an agent to access Alpaca. Start with paper trading, keep live API keys tightly controlled, require explicit user approval before any live order or cancellation, and avoid `--force` or `cancel all` unless you deliberately intend that exact action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill requires access to environment secrets, networked trading APIs, and local file writes, but it does not declare those permissions. This undermines policy enforcement and informed consent, especially because the capability set includes sensitive actions like placing trades and persisting data on disk.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The declared description emphasizes trading and market data, but the documented behavior also includes watchlist mutation, websocket streaming, and local alert persistence. This mismatch can cause reviewers or users to underestimate the skill's stateful and persistent behavior, increasing the chance of unintended activation or insufficient safeguards.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The activation text is broad enough to match common finance-related requests such as checking prices or portfolio questions, which may cause the skill to trigger in contexts where the user did not intend to authorize trading-capable tooling. Because this skill can access accounts and place orders, overbroad invocation criteria materially increase risk.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The file documents high-impact trading operations, including order placement and cancellation, without any cautionary guidance, confirmation requirements, or distinction between paper and live trading risk. In a trading skill, omission of safety context can lead an agent or user to perform financially destructive actions too casually, especially for live accounts.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
Cancelling all open orders is a destructive trading action with portfolio impact, yet the code performs it immediately when passed 'all' without a confirmation prompt. In a trading skill, accidental invocation or argument confusion can directly disrupt execution strategies and expose the user to financial loss or missed fills.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
Deleting a watchlist without confirmation is a destructive state-changing action that can cause unintended loss of user configuration. While the impact is lower than order execution issues, it still creates avoidable risk of accidental data loss in a financial workflow.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
Clearing all locally stored alerts overwrites the alerts file immediately and irreversibly without warning. This can silently erase monitoring state and cause users to miss price conditions they relied on for trading decisions.

Session Persistence

Medium
Category
Rogue Agent
Content
### Watchlist
```bash
python3 scripts/alpaca_cli.py watchlist list
python3 scripts/alpaca_cli.py watchlist create "Tech Stocks" AAPL,MSFT,GOOGL
python3 scripts/alpaca_cli.py watchlist add WATCHLIST_ID NVDA
python3 scripts/alpaca_cli.py watchlist delete WATCHLIST_ID
```
Confidence
77% confidence
Finding
create "Tech Stocks" AAPL,MSFT,GOOGL
python3 scripts/alpaca_cli.py watchlist add WATCHLIST_ID NVDA
python3 scripts/alpaca_cli.py watchlist delete WATCHLIST_ID
```
### Stream Live Data (Websocket)
```

Tool Parameter Abuse

High
Category
Tool Misuse
Content
### DELETE /v2/orders/{order_id}
Cancel order.

### DELETE /v2/orders
Cancel all orders.

## Order Types
Confidence
83% confidence
Finding
DELETE /v2/orders

VirusTotal

64/64 vendors flagged this skill as clean.