My Skill

Security checks across malware telemetry and agentic risk

Overview

The main tool is a basic paper-trading bot, but the package has inconsistent identity metadata and also includes an unrelated shell-based chat wrapper that, if run directly, passes input into shell command execution unsafely.

Review this package carefully before installing. Treat it as a simple paper-trading demo, not financial advice or a live trading system. Avoid running the extra index. chat wrapper unless it is fixed to avoid shell interpolation, and do not leave run.sh running unattended unless you intentionally want repeated local paper-trade updates and Binance API calls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

Severity: High | Confidence: 96%

The skill metadata advertises a BTC/ETH/SOL trading bot, but the implementation is only a generic wrapper that forwards user input to a local Ollama model. This capability mismatch is dangerous because it misrepresents what the skill does, defeating user trust and making it easier to hide unrelated or unsafe behavior behind a benign-seeming description.

Context-Inappropriate Capability

Severity: Medium | Confidence: 91%

The code launches a local subprocess via execSync to run an external CLI model, even though the declared purpose is a crypto trading bot and no trading features are present. Spawning subprocesses expands the attack surface and can enable command execution pathways or unauthorized local resource access, especially when tied to user-controlled input.

Description-Behavior Mismatch

Severity: High | Confidence: 92%

The manifest metadata materially conflicts with the stated purpose of the skill: it claims to be a generic CLI skill runner rather than a trading bot for BTC, ETH, and SOL. This kind of identity mismatch can conceal the true behavior or deployment scope of the skill, making review, policy enforcement, and user trust decisions less reliable.

Missing User Warnings

Severity: Medium | Confidence: 92%

The skill describes trading analysis and paper-trade execution but does not clearly warn users that outputs are not financial advice and that trading involves substantial risk. In a trading context, missing disclosure can mislead users about the reliability and scope of the bot, especially if they confuse simulated trading features with safe or profitable real-world use.

Missing User Warnings

Severity: Medium | Confidence: 88%

User input is sent directly to an external local CLI model without any disclosure, consent flow, or explanation to the user. Even if the model is local, prompts may contain sensitive information, and silently forwarding them to another process creates privacy and trust risks that users cannot evaluate.

Vague Triggers

Severity: Medium | Confidence: 84%

The description is too generic to establish a clear activation boundary or intended operational scope. In a trading context, vague metadata increases the chance of inappropriate invocation, weak review coverage, and missed detection of risky behavior because evaluators cannot clearly tie the skill to specific allowed actions.

VirusTotal

63/63 vendors flagged this skill as clean.
