ClawHub

Binance Futures Alpha Radar

Security checks across malware telemetry and agentic risk

Overview

This skill fetches public Binance futures market data and produces analysis-only trading recommendations, with no evidence of private account access, order placement, persistence, or hidden data collection.

Install only if you want analysis-only Binance futures commentary and are comfortable running a script that contacts Binance public futures APIs. Avoid providing real balances or positions unless you intentionally want that sensitive financial context used, and treat leveraged trading recommendations as informational rather than automated trading instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill manifest says analysis should use public futures market data only, but this file explicitly allows replacing defaults with real account values. That expands the data scope from public-market analysis into handling sensitive financial account information, which creates a mismatch in user expectations, privacy boundaries, and downstream decision logic. In a trading skill, that can lead to unnecessary collection or use of balances and positions despite the advertised analysis-only behavior.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The manifest promises only BUY, SELL, or HOLD recommendations, but this file enables ADD, REDUCE, and CLOSE when position context is supplied. Those actions imply active position management and can materially change trading behavior, making the skill more prescriptive and operational than advertised. In a financial context, this mismatch is dangerous because users may rely on guidance that effectively manages live positions without expecting that level of intervention.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The description is broad enough to trigger on many generic trading-analysis requests, which can cause this skill to activate unexpectedly in contexts where the user did not specifically ask for Binance futures analysis. Overbroad routing increases the chance of inappropriate tool use, unintended external data fetching, and domain-specific financial recommendations being injected into general conversations.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The skill hardcodes Chinese output and even requires the internal reason field to be in simplified Chinese without checking the user's language preference. This can override user intent, reduce transparency for users who cannot read Chinese, and make safety-critical financial reasoning harder to review or contest.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The default prompt is broad enough to encourage invocation on general requests for market commentary or buy/sell analysis without tightly constraining when the skill should be used. In a trading context, loose trigger wording can cause unintended use of the skill and overconfident recommendation generation, increasing the chance of unsuitable financial guidance being returned in situations the user did not explicitly request.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
Forcing Chinese output in the default prompt without user opt-in can misalign the response language with the user's request and reduce comprehension of risk disclosures, assumptions, and recommendation caveats. In a trading-analysis skill, this is more dangerous because misunderstandings about BUY, SELL, or HOLD recommendations can directly affect financial decisions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal