Binance Monitor

Security checks across malware telemetry and agentic risk

Overview

The skill does what it says broadly, but it hardcodes a specific Feishu recipient while the documentation implies users can configure who receives alerts.

Review before installing. Replace the hardcoded Feishu open_id in the scripts and config files, or verify the code is changed to actually load your intended config.json before running. Also decide whether you are comfortable with X monitoring through r.jina.ai and with a background process that writes local state and notification queue files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence: 93%
Finding
The README states that X content is fetched through the third-party Jina AI Reader API, but it does not clearly warn users that account lookups and related request metadata will be sent to an external service. This is a real privacy/transparency issue because operators may deploy the skill without understanding the third-party dependency and resulting data flow.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill explicitly performs continuous monitoring, sends detected content to Feishu recipients, and persists local state files, but the opening description does not clearly warn users about these ongoing data flows and local storage effects. This can mislead users about privacy, operational footprint, and continuous outbound messaging, increasing the chance of unintended data disclosure or unattended background activity.

Missing User Warnings

Low
Confidence: 88%
Finding
The troubleshooting section recommends deleting state files to reset duplicate notifications, but it does not clearly warn that this erases tracking history and may cause reprocessing or loss of deduplication state. Users could unintentionally trigger repeated alerts or lose operational history without understanding the consequences.

Missing User Warnings

Medium
Confidence: 93%
Finding
The script hard-codes a Feishu open_id and prints it at startup, while also embedding it into notification payloads written to disk. This exposes recipient-identifying data to anyone with access to the code, logs, or generated files, creating an unnecessary privacy and operational security risk even if it is not a direct code-execution issue.

Missing User Warnings

Medium
Confidence: 87%
Finding
The monitor fetches Binance Twitter content through r.jina.ai, a third-party proxy, rather than directly from the source platform. This leaks monitoring targets and access patterns to an external service and introduces a supply-chain/trust boundary where returned content could be modified, unavailable, or logged without the operator's awareness.

VirusTotal

66/66 vendors flagged this skill as clean.
