ClawHub

Standx Cli

Security checks across malware telemetry and agentic risk

Overview

This is a real StandX crypto-trading skill, but it should be reviewed because it enables live financial actions and installs an unverified downloaded binary with elevated privileges.

Install only if you intentionally want an agent-accessible StandX trading CLI. Prefer Homebrew or a release you can verify, avoid sudo-based direct downloads when possible, keep the private trading key out of shell startup files, and require dry-run plus explicit confirmation before any order, cancel-all, leverage, or margin change.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Findings (18)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill documents live trading, cancellation, leverage, and margin-changing commands without a prominent warning that these operations can place real orders or mutate account state. In an agent-executed context, this materially increases the risk of unintended financial actions, especially because authenticated commands and examples are adjacent to benign read-only queries.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The manifest description is broad enough to activate on many generic crypto-related requests, including ones that may not require this specific exchange tool. In an agent ecosystem, overbroad activation increases the chance the skill is selected in inappropriate contexts, exposing trading/account capabilities when the user may have intended only general information.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill documents live order creation, cancellation, leverage, and margin-changing commands without prominent warnings that these actions affect real funds and should require explicit user confirmation. In a trading skill, missing guardrails materially raises the risk of unintended financial loss from accidental or ambiguous agent actions.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The examples document live order creation, cancellation, leverage changes, and margin-mode changes without prominent warnings that these actions can affect real funds and positions. In a trading CLI, users may copy-paste examples directly, so the lack of safety framing increases the chance of accidental trades, liquidation risk from leverage changes, or unintended account modifications.

Missing User Warnings

Low
Confidence
87% confidence
Finding
The authenticated stream examples show commands that expose order, position, balance, and fill activity, but they do not warn that output may reveal sensitive financial/account information in terminals, logs, shared shells, or recordings. Because these are continuous streams, they can unintentionally leak more data over time than a one-time command.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill requests a session JWT and an optional private trading key capable of authorizing exchange actions, but the manifest provides no prominent risk disclosure about financial loss, account compromise, or misuse of trading credentials. In a crypto-trading context, this is materially dangerous because users may supply powerful secrets without understanding that they can enable real trades and withdrawals or account takeover depending on exchange semantics.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The installation scripts download archives from the network and then write into /usr/local/bin using sudo, yet the manifest gives no warning that installation requires privileged changes and trusts a remote release artifact. This creates meaningful supply-chain and local system risk if the release is tampered with, the URL is redirected, or users do not understand they are granting root-level file modification.

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
{
              "id": "github-linux",
              "kind": "script",
              "script": "curl -L -o /tmp/standx.tar.gz https://github.com/wjllance/standx-cli/releases/download/v0.3.5/standx-v0.3.5-x86_64-unknown-linux-gnu.tar.gz && tar -xzf /tmp/standx.tar.gz -C /tmp && sudo mv /tmp/standx /usr/local/bin/ && sudo chmod +x /usr/local/bin/standx",
              "bins": ["standx"],
              "label": "Install StandX CLI on Linux",
            },
Confidence
83% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
{
              "id": "github-linux",
              "kind": "script",
              "script": "curl -L -o /tmp/standx.tar.gz https://github.com/wjllance/standx-cli/releases/download/v0.3.5/standx-v0.3.5-x86_64-unknown-linux-gnu.tar.gz && tar -xzf /tmp/standx.tar.gz -C /tmp && sudo mv /tmp/standx /usr/local/bin/ && sudo chmod +x /usr/local/bin/standx",
              "bins": ["standx"],
              "label": "Install StandX CLI on Linux",
            },
Confidence
83% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
{
              "id": "github-macos",
              "kind": "script",
              "script": "curl -L -o /tmp/standx.tar.gz https://github.com/wjllance/standx-cli/releases/download/v0.3.5/standx-v0.3.5-aarch64-apple-darwin.tar.gz && tar -xzf /tmp/standx.tar.gz -C /tmp && sudo mv /tmp/standx /usr/local/bin/ && sudo chmod +x /usr/local/bin/standx",
              "bins": ["standx"],
              "label": "Install StandX CLI on macOS",
            },
Confidence
83% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
{
              "id": "github-macos",
              "kind": "script",
              "script": "curl -L -o /tmp/standx.tar.gz https://github.com/wjllance/standx-cli/releases/download/v0.3.5/standx-v0.3.5-aarch64-apple-darwin.tar.gz && tar -xzf /tmp/standx.tar.gz -C /tmp && sudo mv /tmp/standx /usr/local/bin/ && sudo chmod +x /usr/local/bin/standx",
              "bins": ["standx"],
              "label": "Install StandX CLI on macOS",
            },
Confidence
83% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
# Linux x86_64
curl -L -o /tmp/standx.tar.gz https://github.com/wjllance/standx-cli/releases/download/v0.3.5/standx-v0.3.5-x86_64-unknown-linux-gnu.tar.gz
tar -xzf /tmp/standx.tar.gz -C /tmp
sudo mv /tmp/standx /usr/local/bin/
sudo chmod +x /usr/local/bin/standx

# macOS Apple Silicon
Confidence
80% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
curl -L -o /tmp/standx.tar.gz https://github.com/wjllance/standx-cli/releases/download/v0.3.5/standx-v0.3.5-x86_64-unknown-linux-gnu.tar.gz
tar -xzf /tmp/standx.tar.gz -C /tmp
sudo mv /tmp/standx /usr/local/bin/
sudo chmod +x /usr/local/bin/standx

# macOS Apple Silicon
curl -L -o /tmp/standx.tar.gz https://github.com/wjllance/standx-cli/releases/download/v0.3.5/standx-v0.3.5-aarch64-apple-darwin.tar.gz
Confidence
80% confidence
Finding
sudo

Session Persistence

Medium
Category
Rogue Agent
Content
The most secure way to authenticate. Credentials are not stored in shell history or command logs.

```bash
# Add to ~/.bashrc or ~/.zshrc
export STANDX_JWT="your_jwt_token"
export STANDX_PRIVATE_KEY="your_ed25519_private_key"
Confidence
90% confidence
Finding
Add to ~/.bashrc

Chaining Abuse

High
Category
Tool Misuse
Content
{
              "id": "github-linux",
              "kind": "script",
              "script": "curl -L -o /tmp/standx.tar.gz https://github.com/wjllance/standx-cli/releases/download/v0.3.5/standx-v0.3.5-x86_64-unknown-linux-gnu.tar.gz && tar -xzf /tmp/standx.tar.gz -C /tmp && sudo mv /tmp/standx /usr/local/bin/ && sudo chmod +x /usr/local/bin/standx",
              "bins": ["standx"],
              "label": "Install StandX CLI on Linux",
            },
Confidence
86% confidence
Finding
&& sudo

Chaining Abuse

High
Category
Tool Misuse
Content
{
              "id": "github-linux",
              "kind": "script",
              "script": "curl -L -o /tmp/standx.tar.gz https://github.com/wjllance/standx-cli/releases/download/v0.3.5/standx-v0.3.5-x86_64-unknown-linux-gnu.tar.gz && tar -xzf /tmp/standx.tar.gz -C /tmp && sudo mv /tmp/standx /usr/local/bin/ && sudo chmod +x /usr/local/bin/standx",
              "bins": ["standx"],
              "label": "Install StandX CLI on Linux",
            },
Confidence
86% confidence
Finding
&& sudo

Chaining Abuse

High
Category
Tool Misuse
Content
{
              "id": "github-macos",
              "kind": "script",
              "script": "curl -L -o /tmp/standx.tar.gz https://github.com/wjllance/standx-cli/releases/download/v0.3.5/standx-v0.3.5-aarch64-apple-darwin.tar.gz && tar -xzf /tmp/standx.tar.gz -C /tmp && sudo mv /tmp/standx /usr/local/bin/ && sudo chmod +x /usr/local/bin/standx",
              "bins": ["standx"],
              "label": "Install StandX CLI on macOS",
            },
Confidence
86% confidence
Finding
&& sudo

Chaining Abuse

High
Category
Tool Misuse
Content
{
              "id": "github-macos",
              "kind": "script",
              "script": "curl -L -o /tmp/standx.tar.gz https://github.com/wjllance/standx-cli/releases/download/v0.3.5/standx-v0.3.5-aarch64-apple-darwin.tar.gz && tar -xzf /tmp/standx.tar.gz -C /tmp && sudo mv /tmp/standx /usr/local/bin/ && sudo chmod +x /usr/local/bin/standx",
              "bins": ["standx"],
              "label": "Install StandX CLI on macOS",
            },
Confidence
86% confidence
Finding
&& sudo

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal