Solana Funding Rate Arbitrage

Security checks across malware telemetry and agentic risk

Overview

This skill openly describes itself as a trading bot, but it has enough financial-risk and scope issues that users should review it carefully before installing.

Install only after reviewing the code and running in dry-run mode with no wallet secrets first. If you proceed, use a dedicated low-balance wallet, avoid enabling cron or live trading until you verify data sources are real and fresh, and do not rely on the advertised yields or delta-neutral claims without independent validation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (42)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill documentation indicates access to environment variables and networked APIs, including wallet credentials and RPC endpoints, but no explicit permissions model is declared. That creates a trust gap: a user may invoke the skill without realizing it can access sensitive secrets and external services, which is especially risky in a trading bot context.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The documented purpose is narrowly framed as a Drift/Flash funding-rate arbitrage skill, but the analyzed behavior reportedly includes broader spot arbitrage, CEX comparisons, dashboard features, wallet-connect UI, and persistent trade history. This mismatch is dangerous because it can cause users to authorize a much broader operational and data-handling surface than they intended, including wallet-affecting and persistence behavior outside the declared scope.
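The two findings above (undeclared access to secrets and endpoints, and a venue set wider than the documented one) come down to one check: what the code reads and calls versus what the manifest declares. The following is an added example, not code from the scanned skill or from SkillSpector; the manifest shape, the variable names, the hostnames and the source snippet are all constructed for illustration.

```javascript
// Added example (not code from the scanned skill): compare what a skill's
// source actually reads and calls against what its manifest declares.
// Manifest shape, variable names and hostnames are constructed for this example.
const declaredManifest = {
  env: ['DRIFT_RPC_URL', 'FLASH_API_URL'],            // what the README mentions
  hosts: ['api.drift.example', 'api.flash.example'],  // hypothetical venue hosts
  secrets: [],                                         // no wallet material declared
};

// Constructed stand-in for the skill's source; not real project code.
const sampleSource = `
  const rpc = process.env.SOLANA_RPC_URL;
  const key = process.env.WALLET_PRIVATE_KEY;          // undeclared hot-wallet secret
  const drift = fetch(process.env.DRIFT_RPC_URL + '/funding');
  const jup = fetch('https://quote-api.jup.example/v6/quote?inputMint=SOL');
  const cex = fetch('https://api.binance.example/fapi/v1/premiumIndex');
`;

const SECRET_LIKE = /PRIVATE_KEY|SECRET|MNEMONIC|SEED|PASSWORD/i;

// Every process.env.NAME reference in the source, deduplicated in order of appearance.
function extractEnvNames(src) {
  const names = [...src.matchAll(/process\.env\.([A-Za-z_][A-Za-z0-9_]*)/g)].map(m => m[1]);
  return [...new Set(names)];
}

// Every literal http(s) host in the source; env-built URLs are not visible here.
function extractHosts(src) {
  const hosts = [...src.matchAll(/https?:\/\/([A-Za-z0-9.-]+)/g)].map(m => m[1].toLowerCase());
  return [...new Set(hosts)];
}

function auditCapabilities(manifest, src) {
  const envUsed = extractEnvNames(src);
  const hostsUsed = extractHosts(src);
  return {
    undeclaredEnv: envUsed.filter(v => !manifest.env.includes(v)),
    undeclaredSecrets: envUsed.filter(v => SECRET_LIKE.test(v) && !manifest.secrets.includes(v)),
    undeclaredHosts: hostsUsed.filter(h => !manifest.hosts.includes(h)),
    declaredButUnusedEnv: manifest.env.filter(v => !envUsed.includes(v)),
  };
}

// A secret the manifest never mentioned blocks installation; extra hosts or
// variables widen the surface the user agreed to and need a human look.
function reviewVerdict(report) {
  if (report.undeclaredSecrets.length > 0) return 'block';
  if (report.undeclaredHosts.length > 0 || report.undeclaredEnv.length > 0) return 'review';
  return 'pass';
}

const capabilityReport = auditCapabilities(declaredManifest, sampleSource);
console.log(reviewVerdict(capabilityReport), JSON.stringify(capabilityReport, null, 2));
```

The host extractor only sees literal URLs, so a venue reached through an env-built URL shows up as an undeclared variable rather than an undeclared host; both columns have to be read together.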

Description-Behavior Mismatch

Low
Confidence
78% confidence
Finding
The guide introduces private-key configuration for future trade execution in a document otherwise centered on scanning and dashboard usage, which can normalize placing sensitive wallet material into a local .env file without strong handling guidance. In a trading skill context, this increases the chance users load hot-wallet credentials unnecessarily, expanding the blast radius if the skill later executes trades, logs environment values, or is run in an unsafe environment.
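A startup guard that enforces the dry-run-first workflow from the overview is the practical answer to this finding. The block below is an added example, not the skill's code: wallet material is read only when live trading is explicitly enabled and acknowledged, it never lands on the returned config object (so a stray console.log or JSON.stringify cannot leak it), and a key left in .env during a dry run is reported instead of silently loaded. The variable names, the acknowledgement string and the defaults are assumptions.

```javascript
// Added example, not the skill's code. Variable names, the acknowledgement
// string and the defaults are assumptions for illustration.
const LIVE_ACK = 'I understand real funds are at risk';

function loadTradingConfig(env) {
  const live = env.LIVE_TRADING === 'true';
  const keyPresent = typeof env.WALLET_PRIVATE_KEY === 'string' && env.WALLET_PRIVATE_KEY.length > 0;
  const warnings = [];

  // Dry run: a key in .env is a smell, not something to load.
  if (!live && keyPresent) {
    warnings.push('WALLET_PRIVATE_KEY is set but LIVE_TRADING is not true; key ignored for dry run');
  }
  if (live && !keyPresent) {
    throw new Error('LIVE_TRADING=true requires WALLET_PRIVATE_KEY');
  }
  if (live && env.CONFIRM_LIVE_TRADING !== LIVE_ACK) {
    throw new Error(`LIVE_TRADING=true requires CONFIRM_LIVE_TRADING="${LIVE_ACK}"`);
  }
  const maxNotionalUsd = Number(env.MAX_NOTIONAL_USD ?? 0);
  if (live && !(maxNotionalUsd > 0)) {
    throw new Error('live mode requires a positive MAX_NOTIONAL_USD cap for the dedicated wallet');
  }

  // The key lives in a closure, never as a property of the config object.
  const secret = live ? env.WALLET_PRIVATE_KEY : null;
  return {
    mode: live ? 'live' : 'dry-run',
    rpcUrl: env.SOLANA_RPC_URL ?? 'http://127.0.0.1:8899', // local test validator by default
    maxNotionalUsd,
    warnings,
    hasSigningKey: () => secret !== null,
    withSigningKey(fn) {
      if (secret === null) throw new Error('no signing key available in dry-run mode');
      return fn(secret);
    },
  };
}

// Demo with constructed environment values.
const demo = loadTradingConfig({ WALLET_PRIVATE_KEY: 'constructed-secret-do-not-use', LIVE_TRADING: 'false' });
console.log(demo.mode, demo.warnings, JSON.stringify(demo));
```

Anything that needs to sign goes through `withSigningKey`, which keeps the single place where the secret is handled auditable and makes the dry-run path fail loudly rather than sign with a key it should not have.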

Intent-Code Divergence

Low
Confidence
93% confidence
Finding
The code presents comparison yields as if they came from live or previously fetched market data, but they are actually hardcoded constants. In a trading/backtesting skill, this can mislead users into trusting stale or fabricated benchmarks, causing poor financial decisions and overstated strategy attractiveness.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
This simulation script goes beyond analytical/backtesting functionality and presents promotional yield comparisons, return multipliers, and explicit strategy recommendations. In the context of an auto-trading skill for leveraged perpetual arbitrage, that framing can mislead users into treating speculative, model-based outputs as trustworthy investment guidance, increasing the chance of unsafe capital deployment.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The file materially diverges from the advertised skill purpose: it implements spot cross-DEX swap arbitrage on Jupiter, Raydium, Orca, and Meteora instead of perpetual funding-rate arbitrage on Drift and Flash Trade. In an auto-trading skill, this mismatch is dangerous because operators may deploy it with the wrong risk assumptions, causing real funds to be traded in unintended venues and strategies.

Intent-Code Divergence

Medium
Confidence
99% confidence
Finding
The code claims atomic execution but actually submits the buy and sell legs sequentially, so if the first trade succeeds and the second fails, the bot is left with unhedged inventory and market exposure. In the context of automated arbitrage trading, this can rapidly turn a small expected edge into significant realized loss during volatility, liquidity changes, or transaction failures.
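What "atomic in the comment, sequential in fact" costs is easiest to see with position ledgers. The block below is an added example, not the skill's code: two in-memory venues record fills, the naive executor throws on the second leg and leaves the first fill on the books, and the hardened executor unwinds the first leg and always reports the exposure that remains. Venue behaviour, including the injected rejections, is constructed.

```javascript
// Added example, not the skill's code. Venues are in-memory stand-ins with
// constructed failure modes; no real exchange or chain is involved.
function makeVenue(name, opts = {}) {
  const venue = {
    name,
    position: 0,                               // signed units of the traded asset
    rejectSide: opts.rejectSide ?? null,       // simulate a venue that rejects one side
    rejectUnwind: opts.rejectUnwind ?? false,  // simulate an unwind that also fails
  };
  venue.submit = (order) => {
    if (order.side === venue.rejectSide) throw new Error(`${name} rejected ${order.side}`);
    if (order.isUnwind && venue.rejectUnwind) throw new Error(`${name} rejected unwind`);
    venue.position += order.side === 'buy' ? order.size : -order.size;
    return { venue: name, side: order.side, size: order.size, filled: true };
  };
  return venue;
}

// Net inventory across venues (same asset on both sides of the arbitrage).
function netExposure(...venues) {
  return venues.reduce((sum, v) => sum + v.position, 0);
}

// The pattern the finding describes: two independent submissions.
function executeSequential(buyVenue, sellVenue, size) {
  const buy = buyVenue.submit({ side: 'buy', size });
  const sell = sellVenue.submit({ side: 'sell', size }); // if this throws, `buy` is orphaned
  return { ok: true, buy, sell, exposure: 0 };
}

// Hardened: a second-leg failure triggers an unwind of the first leg, and the
// caller always receives the residual exposure rather than a bare exception.
function executeWithUnwind(buyVenue, sellVenue, size) {
  const buy = buyVenue.submit({ side: 'buy', size });
  try {
    const sell = sellVenue.submit({ side: 'sell', size });
    return { ok: true, buy, sell, exposure: 0 };
  } catch (err) {
    let exposure = size;
    try {
      buyVenue.submit({ side: 'sell', size, isUnwind: true });
      exposure = 0;
    } catch (unwindErr) {
      // Unwind failed too: the caller must halt and alert, not retry blindly.
    }
    return { ok: false, buy, sell: null, error: err.message, exposure };
  }
}

// Demo: the perp venue rejects the sell leg in both runs.
const spot = makeVenue('spot');
const perp = makeVenue('perp', { rejectSide: 'sell' });
try { executeSequential(spot, perp, 10); } catch (e) { console.log('naive:', e.message, 'exposure', netExposure(spot, perp)); }
const spot2 = makeVenue('spot');
const perp2 = makeVenue('perp', { rejectSide: 'sell' });
console.log('hardened:', executeWithUnwind(spot2, perp2, 10), 'exposure', netExposure(spot2, perp2));
```

When both legs are instructions for on-chain Solana programs they can be packed into one transaction, which the runtime executes all-or-nothing; the unwind pattern above is for the cases where that is not possible, such as a leg on a centralised exchange or legs that cannot share a transaction.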

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The file advertises a delta-neutral funding arbitrage engine, but the implementation only opens a spot hedge when `perpSide === 'short'`. When funding is negative, it opens a long perp position and explicitly skips the corresponding short-spot hedge ('need to borrow, skip for simplicity'), leaving directional market exposure while still presenting the strategy as arbitrage. In an auto-trading skill, this mismatch can cause users to deploy capital under false assumptions about risk and suffer substantial losses during price moves.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The opportunity scanner prints `LONG perp + SHORT spot` as an available strategy even though the execution path does not support opening the short spot hedge. This can mislead operators into believing certain opportunities are executable and delta-neutral when they are not, increasing the chance of manual or automated misuse based on inaccurate output. In a trading bot context, misleading strategy presentation materially increases operational and financial risk.
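The fix for the two findings above (a hedge that is skipped for one side, and a scanner that advertises it anyway) is to derive what the scanner prints from what the executor can actually hedge, and to state the directional exposure of anything it cannot. The block below is an added example, not the skill's code; the capability table, the funding-sign convention (positive funding means longs pay shorts) and the sample opportunities are constructed.

```javascript
// Added example, not the skill's code. The capability table mirrors the
// finding: a short-spot hedge would need borrowing and is not implemented.
const executorCapabilities = {
  short: 'long-spot', // hedge leg available when the perp leg is short
  long: null,         // no short-spot hedge: this side is directional if executed
};

function classifyOpportunity(opp, caps = executorCapabilities) {
  // Positive funding: longs pay shorts, so the carry trade is short perp / long spot.
  const perpSide = opp.fundingRate > 0 ? 'short' : 'long';
  const hedge = caps[perpSide];
  const perpDelta = perpSide === 'short' ? -opp.notionalUsd : opp.notionalUsd;
  const hedgeDelta = hedge ? -perpDelta : 0;
  return {
    market: opp.market,
    strategy: `${perpSide.toUpperCase()} perp + ${hedge ? hedge.toUpperCase() : 'NO HEDGE'}`,
    executable: hedge !== null,
    netDeltaUsd: perpDelta + hedgeDelta,  // what the book would actually look like
    annualizedCarryPct: Math.abs(opp.fundingRate) * opp.periodsPerYear * 100,
    reason: hedge ? null : `executor cannot open the ${perpSide === 'long' ? 'short' : 'long'}-spot hedge`,
  };
}

// Only delta-neutral, executable strategies are reported as available; the rest
// are listed separately with the reason, never as tradable opportunities.
function scan(opps, caps = executorCapabilities, minFundingRate = 0) {
  const all = opps
    .filter(o => Math.abs(o.fundingRate) > minFundingRate)
    .map(o => classifyOpportunity(o, caps));
  return {
    executable: all.filter(o => o.executable && o.netDeltaUsd === 0),
    blocked: all.filter(o => !o.executable),
  };
}

// Constructed sample: hourly funding on two markets, one positive and one negative.
const sampleOpportunities = [
  { market: 'SOL-PERP', fundingRate: 0.0004, periodsPerYear: 8760, notionalUsd: 1000 },
  { market: 'BTC-PERP', fundingRate: -0.0003, periodsPerYear: 8760, notionalUsd: 1000 },
];

console.log(JSON.stringify(scan(sampleOpportunities), null, 2));
```

Running the sample reports SOL-PERP as SHORT perp + LONG-SPOT with zero net delta, and BTC-PERP as blocked with a 1000 USD directional exposure, which is exactly the position the "skip for simplicity" branch would have opened.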

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The dashboard presents 'Live Trading Enabled' and 'Execute Trade' UI states after wallet connection, but the execute path only shows a placeholder alert and does not place trades. In a financial trading skill, this mismatch is security-relevant because it can mislead operators into believing orders are live or that a wallet is actively being used for trading, increasing the chance of unsafe operational decisions and misplaced trust in the system.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The dashboard fetches and presents Binance funding data even though the skill is described as comparing Drift and Flash Trade. In a financial auto-trading context, this mismatch can mislead operators into making decisions or deploying strategies against the wrong venue, creating operational and trading risk through inaccurate assumptions about supported markets and execution paths.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The rendered dashboard text advertises a Solana funding arbitrage tool but explicitly instructs users to trade on Binance, which conflicts with the manifest-described venue set. In a system with auto-trading capabilities, misleading strategy instructions materially increase the chance of user error, misconfiguration, or execution on unsupported or unintended exchanges.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
This code builds executable Jupiter spot-swap transactions, which materially expands the skill from funding-rate analysis into live asset trading. In an auto-trading skill, hidden or under-declared swap capability is dangerous because it can route funds through an external aggregator and execute value-moving transactions outside the user’s expected Drift/Flash Trade funding-arbitrage scope.

Description-Behavior Mismatch

Medium
Confidence
82% confidence
Finding
The file integrates Jupiter quote, price, and swap functionality even though the skill is described as comparing funding rates across Drift and Flash Trade. That scope mismatch is security-relevant because users and reviewers may underestimate the skill’s ability to interact with additional third-party venues and generate transactions that move assets, weakening trust boundaries and review assumptions.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
On API failure, the module silently substitutes fabricated randomized funding, price, and open-interest data and presents it through the same interface as real market data. In the context of an auto-trading funding arbitrage skill, this can drive false opportunity detection and unsafe trade execution based on nonexistent conditions, making the issue materially dangerous rather than a harmless placeholder.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The file claims to be a Flash Trade integration, but parseRates() returns no real data and the runtime behavior degrades to randomized mock values when retrieval fails. That mismatch is especially risky in a scanner/auto-trader skill because operators may trust the integration as production-ready, while the code can silently operate on invalid inputs and generate misleading arbitrage signals.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
On API failure, the integration silently returns fabricated funding, price, and open-interest data instead of surfacing an error or marking the feed unavailable. In an auto-trading funding arbitrage skill, this can directly drive false signals, bad position entry, incorrect backtests, and automated capital loss because downstream logic may treat synthetic data as live market truth.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The file presents itself as a live GooseFX integration, but parseRates returns no parsed real data and the operational path falls back to mock values. In the context of a scanner and auto-trader for Solana funding arbitrage, this mismatch is dangerous because users and automated systems may believe they are analyzing real GooseFX markets when they are actually operating on empty or fabricated inputs.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The implementation contradicts its documentation by claiming on-chain Solana RPC funding data while actually using a centralized HTTP API and silently substituting synthetic mock values on failure. In an auto-trading and arbitrage skill, this can cause trading decisions to be made on fabricated or stale market data, creating direct financial loss and masking outages or manipulation.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
Returning mock funding rates from a component labeled as a live integration is dangerous because downstream consumers cannot distinguish real market inputs from simulated values during failures. Given this skill advertises scanner and full auto-trading capabilities, silent fallback to random synthetic prices and funding rates can trigger false arbitrage signals, bad hedges, and uncontrolled automated trades.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
When the live Jupiter API call fails, the code silently substitutes fabricated funding rates, prices, and open interest values generated with Math.random(). In an auto-trading and arbitrage skill, this can directly drive trading decisions, backtests, or risk calculations using false market data, leading to real financial losses and misleading operators into believing the data is authentic.

Description-Behavior Mismatch

Medium
Confidence
99% confidence
Finding
On API failure, the integration silently substitutes fabricated funding-rate and market data while preserving the same return type as real data. In an auto-trading arbitrage skill, this can directly drive trading, backtesting, or risk logic with false inputs, causing erroneous positions and financial loss without operators realizing the data is synthetic.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The successful retrieval path does not parse the Mango API response and always returns an empty array, so the integration never produces genuine Mango rates even when the external call succeeds. In a funding arbitrage scanner, this undermines market visibility and can suppress opportunities, distort spread comparisons, or trigger fallback logic based on incomplete data.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
On API failure, getFundingRates() silently returns randomized mock market data instead of surfacing an error or clearly marking the data as simulated. In an auto-trading funding arbitrage skill, this can cause trading decisions, backtests, or risk calculations to operate on fabricated prices and funding rates, potentially leading to real financial loss.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
On API failure, this integration silently substitutes randomly generated funding rates, prices, and open interest while preserving a real protocol interface. In a skill explicitly marketed for arbitrage scanning and auto-trading, this can cause the system to identify nonexistent opportunities and place trades based on fabricated market data, creating direct financial loss and unsafe automation behavior.
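The recurring finding across the Flash Trade, GooseFX, Jupiter, Mango and other integrations is the same defect: on failure, fabricated numbers come back in the same shape as real ones. The hardcoded comparison yields reported earlier are the static variant of it. The block below is an added example, not the skill's code: the unsafe pattern is shown first, then a replacement in which every feed result carries a status and a timestamp, hand-typed benchmarks are labelled as static, and the spread calculation refuses to run unless both sides are live and fresh. Venue names, the fetchers and the sample payloads are constructed.

```javascript
// Added example, not the skill's code. Fetchers are synchronous stand-ins that
// either return a payload or throw; venue names and payloads are constructed.

// The pattern the findings describe: fabricate on failure, same shape as real data.
function fetchFundingUnsafe(venueName, fetchFn) {
  try {
    return { venue: venueName, ...fetchFn() };
  } catch (e) {
    return {
      venue: venueName,
      fundingRate: (Math.random() - 0.5) * 0.002,
      price: 100 + Math.random() * 10,
      openInterest: Math.random() * 1e6,
    };
  }
}

// Replacement: a tagged result that is either live and validated, or unavailable.
function fetchFundingSafe(venueName, fetchFn, now = Date.now()) {
  try {
    const data = fetchFn();
    for (const field of ['fundingRate', 'price', 'openInterest']) {
      if (typeof data[field] !== 'number' || !Number.isFinite(data[field])) {
        // Also catches a parser that "succeeds" with an empty object.
        return { venue: venueName, status: 'unavailable', error: `missing or invalid ${field}` };
      }
    }
    return { venue: venueName, status: 'live', fetchedAt: now, ...data };
  } catch (e) {
    return { venue: venueName, status: 'unavailable', error: e.message };
  }
}

// A benchmark typed into the source is labelled as such, with its as-of date.
function staticBenchmark(venueName, fundingRate, asOf) {
  return { venue: venueName, status: 'static', asOf, fundingRate };
}

// Spread between two perp venues: short the higher-funding side, long the lower.
// Refuses anything that is not live and within maxAgeMs.
function fundingSpread(a, b, now = Date.now(), maxAgeMs = 60_000) {
  for (const feed of [a, b]) {
    if (feed.status !== 'live') return { ok: false, reason: `${feed.venue}: ${feed.status}` };
    if (now - feed.fetchedAt > maxAgeMs) return { ok: false, reason: `${feed.venue}: stale` };
  }
  return {
    ok: true,
    spread: a.fundingRate - b.fundingRate,
    longLeg: a.fundingRate < b.fundingRate ? a.venue : b.venue,
  };
}

// Demo with constructed fetchers: one venue is down, the other is live.
const down = fetchFundingSafe('venue-a', () => { throw new Error('HTTP 503'); });
const up = fetchFundingSafe('venue-b', () => ({ fundingRate: 0.0004, price: 150, openInterest: 5e6 }));
console.log(fundingSpread(up, down));
```

With the unsafe function a dead feed yields a finite funding rate that nothing downstream can distinguish from a real one; with the safe function the scanner gets a refusal with the venue name and the reason, which is what an operator needs to see.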

VirusTotal

66/66 vendors flagged this skill as clean.
