Aster Spot

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Aster API helper, but it gives an agent broad mainnet exchange authority and encourages plaintext storage of API credentials.

Install only if you deliberately want an agent to operate against an Aster exchange account. Use read-only or narrowly permissioned API keys where possible, do not enable withdrawal permissions unless required, avoid storing real secrets in TOOLS.md or repository files, and require explicit confirmation for every trade, transfer, withdrawal, or API-key creation action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The documented functionality materially exceeds the stated purpose of a 'spot request' skill by including account operations, API-key creation, and other privileged workflows. This scope mismatch can mislead users and downstream systems about the level of trust and authority the skill requires, increasing the chance that sensitive operations are invoked unexpectedly.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The description and surrounding documentation do not clearly disclose that user credentials may be stored in local account records, even though later sections instruct persistent storage. Hidden secret-retention behavior is dangerous because users may provide API keys expecting ephemeral use, while the skill normalizes long-term local persistence of sensitive credentials.

Context-Inappropriate Capability

High
Confidence: 97%
Finding
API key creation is a highly privileged account-management capability that is not justified by a skill presented as making spot API requests. If exposed through an agent, this can enable creation of new long-lived credentials, expanding access beyond the original user intent and complicating audit and revocation.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
Withdrawal and external transfer endpoints are destructive financial actions that go well beyond ordinary spot data access or trading. In this context, they are especially dangerous because a user may enable the skill for market interaction without realizing it can also move funds off-platform or between wallets.

Context-Inappropriate Capability

High
Confidence: 99%
Finding
Instructing the agent to store newly provided credentials in TOOLS.md adds persistent secret-management behavior that is unrelated to the manifest's narrow request-execution purpose. This creates a direct path for credential accumulation in local files, which may later be read, leaked, committed, or exfiltrated by other tools or prompts.

Missing User Warnings

Medium
Confidence: 98%
Finding
The instructions normalize storing user credentials in TOOLS.md without a strong warning that this is sensitive local persistence. Plaintext local storage of API keys and secrets is dangerous because such files may be exposed through logs, backups, repository commits, or other agent skills with file access.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill lists destructive financial endpoints such as cancellation, transfers, and withdrawals with only limited warning about mainnet confirmation. Given the financial context, insufficiently prominent warnings increase the likelihood of accidental or socially engineered use of high-impact operations.

Ssd 3

High
Confidence: 99%
Finding
The skill explicitly directs the agent to store user-provided API credentials in a local file for later use. This is a classic secret-handling vulnerability because it converts transient credentials into durable plaintext artifacts that can be disclosed to other processes, users, tools, or version control.

Ssd 3

High
Confidence: 96%
Finding
The example account section normalizes keeping API keys and secrets directly inside the skill context, which encourages insecure operator behavior and copy-paste secret embedding. In an agent environment, embedded secrets are especially risky because they may be surfaced in prompts, logs, exports, or model context unexpectedly.

VirusTotal

VirusTotal findings are pending for this skill version.
