Multi-Agent Trading Debate

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent trading-decision assistant, but it includes market-order execution instructions and simulated trading signals without enough approval or safety controls.

Install only for analysis or paper trading unless you add a separate approval process for live orders. Before connecting it to any real execution bot, require human confirmation, explicit account and environment labels, allowed assets, maximum order size, slippage limits, and fail-closed handling for simulated or insufficient-data outputs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The skill is presented as a debate/orchestration framework, but it also describes concrete trading logic such as regime detection, Kelly-based sizing, and execution/logging behavior. This mismatch is dangerous because operators may grant or invoke the skill assuming it only coordinates discussion, while it can influence or trigger higher-risk financial actions and persistent data writes.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The reference file includes an explicit order-execution template directed at a trading-execution agent, which goes beyond a debate or advisory framework and operationalizes live trading. In the context of an agent skill that triggers automatically on schedules and price movements, this materially increases the chance of autonomous financial actions without sufficient human authorization, policy checks, or safety gates.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The function claims to detect regime from OHLCV data, but when given insufficient candles it silently returns a fabricated bullish-looking simulation result instead of failing closed or signaling insufficient data. In a trading-decision skill, this can directly drive downstream agents toward unjustified execution decisions based on nonexistent analysis, making the issue more dangerous than a mere documentation mismatch.

Intent-Code Divergence

Low
Confidence
88% confidence
Finding
The helper is documented as a numpy-missing fallback, but it is also used for insufficient market data, which hides an important failure mode from maintainers and downstream consumers. In this trading debate framework, understated fallback behavior increases the chance that simulated outputs are mistaken for real analysis and incorporated into live position decisions.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger conditions include broad phrases like 'trading signal is detected' and 'position decision is needed,' which are underspecified and can cause the skill to activate in unintended contexts. In a trading workflow, accidental invocation can create unnecessary market actions, noisy recommendations, or downstream execution pressure at the wrong time.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The additional trigger list remains ambiguous, especially items like 'Major news event detected' and 'Manual request,' which do not specify who can request activation or how news significance is determined. That ambiguity increases the chance of over-triggering, inconsistent behavior, or manipulation of the debate flow during volatile market conditions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The workflow states 'Execution → Prediction Log → Reflection' without a clear warning that the skill may drive trade execution and persist trading data. In financial contexts, hidden execution and logging behavior can violate user expectations, create unauthorized trades, and expose sensitive portfolio or strategy information through stored records.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The execution template instructs immediate order placement using a market order and contains no warning, confirmation requirement, suitability check, or risk disclosure. In a trading skill with automated triggers and a multi-agent workflow, this can normalize unsafe execution and enable unreviewed financial actions with direct monetary loss potential.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.