Xerolite

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed trading integration, but it can let an agent submit real brokerage orders without a built-in confirmation or dry-run safeguard.

Install only if you intend to let OpenClaw interact with a Xerolite/IBKR trading setup. Prefer paper trading or a least-privileged key, verify XEROLITE_API_URL points to localhost or another trusted host, and require your own explicit confirmation process before any order placement.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly enables live brokerage actions such as placing orders, but it does not prominently warn that these commands can execute real trades and directly affect a user's Interactive Brokers account. In an agent-driven context, this omission is dangerous because users may treat the skill as informational or low-risk automation and trigger irreversible financial transactions without adequate confirmation or understanding.

Missing User Warnings

Medium
Confidence: 90%
Finding
The documentation exposes a live order-placement endpoint for buying securities but does not warn that invoking it can execute real trades with potentially irreversible financial consequences. In an agent skill context, missing safety language increases the chance that an autonomous or semi-autonomous caller will use the endpoint without explicit user confirmation, dry-run checks, or understanding of market risk.

Missing User Warnings

Medium
Confidence: 90%
Finding
The script sends order-placement requests directly to the trading API once required flags are present, with no interactive confirmation, dry-run mode, or explicit warning that a live trade is about to be submitted. In the context of an agent skill specifically designed to place IBKR orders, this increases the risk of accidental or prompt-induced execution of real trades, especially when invoked by higher-level automation.

VirusTotal

66/66 vendors flagged this skill as clean.
