Cryptocurrency Trader

Security checks across malware telemetry and agentic risk

Overview

This looks like a real crypto-analysis tool rather than malware, but its live-trading framing, overstated safeguards, optional LLM data sharing, and local persistence warrant a Review verdict before installation.

Install only if you are comfortable running a Python crypto-analysis tool that contacts public exchange APIs, may store accuracy data locally, and can send chat or analysis context to OpenAI or Anthropic when the LLM assistant is used. Treat every trade output as educational decision support, not execution approval, and do not rely on the 'production-ready' or 'zero-hallucination' claims for real-money trading without independent review and paper testing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (27)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises executable workflows, Python entry points, package installation, and direct module imports, but the manifest text shown does not declare corresponding permissions. That creates a transparency and containment problem: a host may permit a skill to read environment variables or access files without users or reviewers understanding that those capabilities are needed. In a trading context, undeclared env/file access is more sensitive because API keys, account data, logs, and locally stored trading history may be exposed or modified.
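One check a reviewer can run against this finding: compare the capabilities a skill's Python entry points actually exercise (environment reads, file writes, network, subprocess) with what its manifest declares. The checker below is an added example and is not part of the scanned skill or of SkillSpector; the manifest format, the sample module text and the capability names are constructed for illustration.

```python
import ast

# Constructed manifest: a hypothetical declaration block, not the skill's real manifest.
DECLARED = {"network": True, "env": False, "filesystem": False, "subprocess": False}

# Constructed module text standing in for a skill entry point (not the skill's code).
SAMPLE_MODULE = '''
import os, json, requests

def load_keys():
    return os.environ.get("EXCHANGE_API_KEY"), os.getenv("EXCHANGE_SECRET")

def save_history(rows):
    with open("trade_history.json", "w") as f:
        json.dump(rows, f)

def fetch():
    return requests.get("https://api.example.com/ohlcv").json()
'''

# Syntactic markers for each capability; extend as needed for the libraries a skill uses.
ENV_ATTRS = {("os", "environ"), ("os", "getenv"), ("os", "putenv")}
FS_CALLS = {"open"}
FS_MODULES = {"pathlib", "shutil", "glob"}
NET_MODULES = {"requests", "urllib", "http", "socket", "ccxt", "aiohttp", "websocket"}
PROC_MODULES = {"subprocess"}


def observed_capabilities(source: str) -> dict:
    """Walk the AST and record which capability classes the code touches."""
    tree = ast.parse(source)
    caps = {"network": False, "env": False, "filesystem": False, "subprocess": False}
    for node in ast.walk(tree):
        # Imports reveal network, process and filesystem libraries.
        if isinstance(node, ast.Import):
            names = {alias.name.split(".")[0] for alias in node.names}
        elif isinstance(node, ast.ImportFrom):
            names = {(node.module or "").split(".")[0]}
        else:
            names = set()
        if names & NET_MODULES:
            caps["network"] = True
        if names & PROC_MODULES:
            caps["subprocess"] = True
        if names & FS_MODULES:
            caps["filesystem"] = True
        # os.environ / os.getenv attribute access reveals env harvesting.
        if isinstance(node, ast.Attribute) and isinstance(node.value, ast.Name):
            if (node.value.id, node.attr) in ENV_ATTRS:
                caps["env"] = True
        # A bare open(...) call reveals filesystem access.
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
            if node.func.id in FS_CALLS:
                caps["filesystem"] = True
    return caps


def undeclared(declared: dict, observed: dict) -> list:
    """Capabilities the code uses but the manifest does not declare."""
    return sorted(cap for cap, used in observed.items() if used and not declared.get(cap, False))


if __name__ == "__main__":
    caps = observed_capabilities(SAMPLE_MODULE)
    print("observed:", caps)
    print("undeclared:", undeclared(DECLARED, caps))
```

For the constructed module the checker reports `env` and `filesystem` as undeclared, which is exactly the gap the finding describes; a reviewer would treat any non-empty result as a reason to reject or re-scope the manifest rather than trust the host to contain it.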

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented purpose is narrow trading analysis, but the referenced behavior expands into LLM API use, persistent learning/storage, health monitoring, broader market analysis, and interactive assistant functions. This mismatch prevents informed consent and weakens threat modeling, because operators may approve a market-analysis skill that actually transmits data to external model providers and stores user or trade data locally. In a financial skill, hidden expansion of scope is especially dangerous because it can affect sensitive portfolio information, strategy data, and decision-making trust.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The assistant forwards user prompts, conversation history, and analysis-derived context to third-party LLM APIs, creating a real data disclosure boundary that is separate from the core trading engine. In a trading context, prompts may contain portfolio details, strategies, or other sensitive financial information, and the code does not implement minimization, consent, or redaction before transmission.

Description-Behavior Mismatch

Medium
Confidence
81% confidence
Finding
The file introduces a conversational LLM-powered assistant that materially expands the skill's behavior beyond a deterministic trading agent, increasing attack surface and changing trust assumptions. In practice, this can cause users or integrators to rely on a generative component with networked data sharing and non-deterministic output that is not clearly reflected in the skill description.

Intent-Code Divergence

Medium
Confidence
77% confidence
Finding
The documentation and prompt framing present the assistant as highly authoritative and 'zero-hallucination' style, while the implementation relies on generative LLM responses for explanations and interaction. In a financial trading skill, this mismatch can cause unsafe over-trust in model output and lead users to act on inaccurate or fabricated reasoning.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The skill metadata advertises advanced quantitative capabilities such as Bayesian inference, Monte Carlo simulation, VaR/CVaR/Sharpe, and chart-pattern recognition, but the protocol only documents basic RSI/MACD/ATR heuristics and simple rule-based trade selection. In a financial trading context, this mismatch can cause operators to overtrust the system's rigor, leading to unsafe automated trading decisions, mis-sized risk, and compliance or fraud concerns due to materially misleading claims.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The protocol presents stop-hunt detection and support/resistance identification as numbered steps in the core analysis workflow, then states both are not implemented. This creates a false impression that important market-structure checks are active, which can cause users or downstream agents to rely on nonexistent safeguards when generating live trading recommendations.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The skill metadata and module framing claim production-grade, advanced mathematical modeling and cross-verified analytics, but the implementation is a relatively simple BTC-only heuristic engine. In a financial trading context, this mismatch can mislead users or downstream agents into over-trusting outputs and making materially risky decisions based on weaker analysis than advertised.

Intent-Code Divergence

Medium
Confidence
87% confidence
Finding
The docstring states that BTC dominance and broader market context are analyzed, but the code only fetches BTC/USDT OHLCV data and never computes dominance or true market-wide measures. In a trading agent, this creates a dangerous trust gap: consumers may believe they are receiving diversified market-context signals when they are actually getting a narrow single-asset heuristic.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The skill markets itself as a production-grade trading agent with Bayesian inference, Monte Carlo simulation, VaR/CVaR/Sharpe, pattern recognition, and cross-verification, but the implementation only uses simple RSI/MACD/ATR/Bollinger heuristics and basic position sizing. In a financial-trading context, this mismatch can materially mislead users into overtrusting the system's capabilities and taking real-money actions based on false assurances of rigor and safety.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The file claims it 'prevents hallucinations' and presents recommendations as protected by anti-hallucination controls, but the actual checks only validate data consistency/freshness and do not ensure analytical correctness or safe trading decisions. In a beginner-focused crypto trading tool, this framing can create unjustified trust and cause users to treat speculative outputs as reliably safe.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
This test is intended to verify that valid market data passes integrity validation, but it catches any exception and then unconditionally passes with `self.assertTrue(True)`. That masks real failures in the validation path, allowing broken or bypassed validation logic to ship undetected. In a cryptocurrency trading skill, weakened validation is more dangerous because downstream analytics and trading decisions may rely on malformed or inconsistent OHLCV data.
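The anti-pattern in this finding, a test that catches every exception and then calls `self.assertTrue(True)`, can be shown next to a test that asserts on the validator's actual result. Everything below is an added example and not the skill's test suite: `validate_ohlcv`, the sample rows and the simulated regression are constructed here to show that the weak test still passes when the validator is completely broken, while the strong test catches it. The same validator also illustrates the point of the earlier 'prevents hallucinations' finding: such checks establish data consistency, nothing more.

```python
import io
import unittest


def validate_ohlcv(rows):
    """Return a list of integrity problems; an empty list means the candles are consistent.
    This only checks shape and ordering, it says nothing about analytical correctness."""
    problems = []
    prev_ts = None
    for i, r in enumerate(rows):
        o, h, l, c, v = r["open"], r["high"], r["low"], r["close"], r["volume"]
        if not (l <= min(o, c) and max(o, c) <= h):
            problems.append(f"row {i}: open/close outside [low, high]")
        if v < 0:
            problems.append(f"row {i}: negative volume")
        if prev_ts is not None and r["ts"] <= prev_ts:
            problems.append(f"row {i}: timestamps not strictly increasing")
        prev_ts = r["ts"]
    return problems


# Constructed sample candles (not real market data).
VALID = [
    {"ts": 1, "open": 100, "high": 105, "low": 99, "close": 104, "volume": 10},
    {"ts": 2, "open": 104, "high": 108, "low": 103, "close": 107, "volume": 12},
]
BROKEN = [dict(VALID[0], high=90)]  # high below both open and close


def broken_validator(rows):
    """Simulated regression: the validator crashes on every input."""
    raise TypeError("simulated regression")


class WeakTest(unittest.TestCase):
    """The flagged pattern: any outcome, including an exception, counts as a pass."""
    validator = staticmethod(validate_ohlcv)

    def test_valid_data_passes(self):
        try:
            self.validator(VALID)
            self.assertTrue(True)
        except Exception:
            self.assertTrue(True)  # swallows the failure


class StrongTest(unittest.TestCase):
    """Assert on the validator's return value, and check the negative case too."""
    validator = staticmethod(validate_ohlcv)

    def test_valid_data_passes(self):
        self.assertEqual(self.validator(VALID), [])

    def test_broken_data_is_rejected(self):
        self.assertNotEqual(self.validator(BROKEN), [])


def run(case_cls, validator) -> bool:
    """Run a test case class against the given validator; True if the suite passed."""
    case_cls.validator = staticmethod(validator)
    suite = unittest.defaultTestLoader.loadTestsFromTestCase(case_cls)
    result = unittest.TextTestRunner(stream=io.StringIO(), verbosity=0).run(suite)
    return result.wasSuccessful()


if __name__ == "__main__":
    for case in (WeakTest, StrongTest):
        for name, fn in (("real", validate_ohlcv), ("broken", broken_validator)):
            print(f"{case.__name__} with {name} validator: {'PASS' if run(case, fn) else 'FAIL'}")
```

The weak test reports PASS for both the real and the broken validator, so a regression in the integrity check would ship unnoticed; the strong test fails as soon as the validator stops returning a clean result for valid data or stops rejecting malformed candles.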

Missing User Warnings

Low
Confidence
92% confidence
Finding
The document provides installation and execution commands that perform system changes (`pip install`, copying files, unzipping archives) and run the skill without any warning about dependency trust, local filesystem modification, or possible network/API access during execution. In a security-sensitive agent ecosystem, such ready-to-run instructions can encourage users to execute unreviewed code directly, increasing the chance of supply-chain or unintended-execution risk.

Vague Triggers

Medium
Confidence
89% confidence
Finding
Automatically assuming a $10,000 balance when the user provides none can produce materially misleading position sizing, risk calculations, and trading recommendations. In a real trading context, this can nudge users toward inappropriate risk tolerance or create outputs that look precise and execution-ready despite being based on fabricated financial inputs. The skill’s 'production-grade' framing makes this more dangerous because users may place undue trust in the generated recommendations.
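A fail-closed alternative to the $10,000 default this finding describes: when the caller supplies no balance, the sizing function returns a blocked result instead of inventing one, so nothing downstream can present an 'execution ready' figure built on a fabricated input. This is an added example and not the skill's code; the 1% risk default, the 5% guardrail and the result type are assumptions.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class SizingResult:
    status: str                      # "ok" or "blocked"
    reason: str
    position_size: Optional[float] = None
    risk_amount: Optional[float] = None


def size_position_silent_default(balance, entry, stop, risk_pct=0.01):
    """The flagged behaviour: a missing balance is silently replaced with $10,000."""
    balance = balance if balance is not None else 10_000.0
    return (balance * risk_pct) / abs(entry - stop)


def size_position(balance, entry, stop, risk_pct=0.01) -> SizingResult:
    """Fail closed: refuse to size a position unless every input came from the user."""
    if balance is None:
        return SizingResult("blocked", "account balance not provided; refusing to assume one")
    if balance <= 0 or entry <= 0 or stop <= 0 or entry == stop:
        return SizingResult("blocked", "invalid balance or price inputs")
    if not 0 < risk_pct <= 0.05:
        return SizingResult("blocked", "risk_pct outside the 0-5% guardrail")
    risk = balance * risk_pct
    size = risk / abs(entry - stop)
    return SizingResult("ok", "sized from user-supplied balance", round(size, 6), round(risk, 2))


if __name__ == "__main__":
    # Constructed prices; not a recommendation.
    print(size_position_silent_default(None, 60_000, 59_000))   # looks precise, based on nothing
    print(size_position(None, 60_000, 59_000))                  # blocked
    print(size_position(2_500, 60_000, 59_000))                 # sized from the real balance
```

With the silent default the two calls above would look equally authoritative to a user or a downstream agent; with the blocked result the caller has to surface the missing input rather than a number.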

Missing User Warnings

Medium
Confidence
91% confidence
Finding
User messages and accumulated conversation history are sent to external LLM APIs without a clear runtime warning or consent mechanism. Because this is an interactive trading assistant, users may disclose sensitive financial intentions, holdings, or strategies, making undisclosed third-party transmission a meaningful privacy and security issue.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The code serializes trading analysis results and uses them to prompt an external LLM for explanation, potentially exposing account-related or strategy-related information without explicit notice. In a cryptocurrency trading context, even derived analytics can reveal positions, risk appetite, and decision logic that should not be silently shared with third parties.
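This finding, the 'Missing User Warnings' finding just above it about conversation history, and the earlier 'Context-Inappropriate Capability' finding all describe the same boundary: user prompts, history and serialized analysis leaving the process for a third-party LLM provider with no minimization, redaction or consent. The code below is an added example of what such a layer looks like, not code from the skill; the regexes, the allow-list of analysis fields, the history cap and the consent flag are assumptions chosen for illustration and would need tuning to the real exchanges and result schema.

```python
import re

# Constructed patterns for obvious secrets and identifiers. Order matters: the
# address pattern runs before the generic long-token pattern so a wallet address
# is labelled as an address rather than swallowed as a key.
SECRET_PATTERNS = [
    (re.compile(r"\b0x[0-9a-fA-F]{40}\b"), "[REDACTED_ADDRESS]"),   # EVM-style wallet address
    (re.compile(r"\b[A-Za-z0-9]{32,}\b"), "[REDACTED_KEY]"),        # long opaque tokens (API keys)
    (re.compile(r"\$\s?\d[\d,]*(\.\d+)?"), "[REDACTED_AMOUNT]"),    # dollar amounts
]

# Only these analysis fields may be sent for explanation; balances, positions and
# strategy parameters are dropped before serialization. Assumed field names.
ALLOWED_ANALYSIS_FIELDS = {"symbol", "timeframe", "bias", "rsi", "macd_signal", "atr"}


def redact(text: str) -> str:
    """Replace secrets, addresses and amounts with placeholders."""
    for pattern, replacement in SECRET_PATTERNS:
        text = pattern.sub(replacement, text)
    return text


def minimize_analysis(result: dict) -> dict:
    """Keep only allow-listed fields from a serialized analysis result."""
    return {k: result[k] for k in sorted(result) if k in ALLOWED_ANALYSIS_FIELDS}


def build_llm_payload(user_msg, history, analysis, consent_to_share, max_history=4):
    """Assemble the request body for an external provider, or refuse without consent."""
    if not consent_to_share:
        raise PermissionError("user has not consented to sending data to an external LLM provider")
    # Cap history length and redact every turn, not just the newest one.
    trimmed = [{"role": m["role"], "content": redact(m["content"])} for m in history[-max_history:]]
    return {
        "messages": trimmed + [{"role": "user", "content": redact(user_msg)}],
        "analysis": minimize_analysis(analysis),
    }


# Constructed sample inputs (the key, wallet and balance are made up).
SAMPLE_PROMPT = (
    "My key is k7Hq2ZpL9vXc4RbT1nMw8JsY6dF3gA0eQ5uN2iB9, wallet " + "0x" + "ab" * 20
    + ", balance $12,500.50, should I long BTC?"
)
SAMPLE_ANALYSIS = {
    "symbol": "BTC/USDT", "rsi": 44.2, "bias": "neutral",
    "account_balance": 12500.5, "open_positions": [{"symbol": "BTC/USDT", "size": 0.2}],
}

if __name__ == "__main__":
    print(redact(SAMPLE_PROMPT))
    print(minimize_analysis(SAMPLE_ANALYSIS))
```

The consent check belongs at the transport boundary, not in the UI, so that every path into the provider call (chat turn, explanation request, scheduled summary) is gated the same way; the allow-list is deliberately closed so that a new field added to the analysis result is withheld by default until someone decides it is safe to share.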

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This documentation presents sophisticated trading analysis, execution-blocking logic, and production-readiness language without any clear financial-risk warning, limitation-of-liability notice, or statement that outputs should not be treated as investment advice. In a cryptocurrency trading skill, this omission can materially increase user overreliance on the system’s outputs and encourage real-money decisions based on AI-generated analysis, especially because the file repeatedly emphasizes 'zero hallucination tolerance' and 'production' quality, which can create unwarranted trust.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The document explicitly recommends moving trading changes into production with only operational precautions like small position sizing and monitoring, but it omits any explicit warning about financial loss, market volatility, or suitability for users. In the context of a production-grade cryptocurrency trading skill, this can encourage unsafe real-world deployment of unverified strategy changes and increase the chance of users suffering avoidable financial harm.

Missing User Warnings

Low
Confidence
83% confidence
Finding
The document instructs fetching live exchange data and later describes automated scanning across many trading pairs, but it does not warn users that the skill performs network access and communicates with third-party exchanges. In an agent setting, undeclared external connectivity can violate user expectations, security policy, or deployment controls, especially in restricted environments.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
This reference repeatedly encourages use of the AI system in real trading workflows and frames the AI as objective and protective, but it does not include a sufficiently explicit warning that crypto trading can cause substantial or total financial loss and that AI outputs can be wrong. In the context of a production-grade cryptocurrency trading skill, this omission can lead users to over-trust the system and treat guidance as safer or more reliable than it is, increasing the chance of harmful financial decisions.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation encourages direct execution of trading-analysis commands, including examples that fetch live market data and present 'execution ready' outputs, but it does not clearly warn users that these commands may make external network requests or that the results are not financial advice or approval for automated trades. In a trading skill context, this omission can lead users to over-trust the output, run the tool in restricted environments, or treat analysis as a go-signal for real financial decisions.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This documentation explicitly frames outputs as 'direct real-world application' and 'actionable recommendations' while emphasizing production readiness and zero-hallucination tolerance. In a cryptocurrency trading skill, that messaging can create undue user trust and encourage users to act on model output as if it were verified financial advice, increasing the risk of financial loss.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The 'Execution Ready: YES' presentation, combined with detailed entry, stop-loss, take-profit, and position sizing, materially increases the chance that users will treat the system as safe for live trading. In the context of a crypto trading agent, this can facilitate overreliance on AI-generated signals without adequate warnings, suitability checks, or regulatory/compliance guardrails.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
This module emits concrete trading recommendations such as FAVORABLE, CAUTION, and should_trade decisions without clear user-facing warnings that the logic is heuristic and incomplete. In a cryptocurrency trading skill, such outputs can be interpreted as authoritative signals, increasing the chance of unsafe financial decisions and over-reliance on simplistic logic under volatile market conditions.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The code explicitly positions its output as "Production-ready output for real-world application" and generates actionable LONG/SHORT recommendations, but it contains no user-facing disclaimer, suitability check, or gating to reduce unsafe reliance. In a cryptocurrency trading skill, this increases the chance that users or downstream systems will treat probabilistic model output as trustworthy execution guidance, leading to financial loss or risky automated trading decisions.

VirusTotal

64/64 vendors flagged this skill as clean.
