Openclaw Quant Skill

Security checks across malware telemetry and agentic risk

Overview

This package needs Review because it mixes a crypto live-trading skill with an unrelated video-generation skill and asks users to install unreviewed external code.

Install only after the publisher removes or clearly separates the unrelated video-generator file and you have reviewed the external GitHub code yourself. Use paper/testnet mode first, do not provide exchange keys unless withdrawals are disabled and limits are tight, and avoid using any live-trading command unless you explicitly intend to place real orders.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

High
Confidence: 99%
Finding
The file content is for a video-generation skill, but the surrounding metadata says this is a cryptocurrency quantitative trading system. That mismatch is a strong supply-chain red flag because it can cause a reviewer or user to trust and install a skill under false pretenses, enabling unexpected code execution paths, dependency installation, and network/API usage unrelated to the declared purpose.

Vague Triggers

Medium
Confidence: 90%
Finding
The auto-trigger rules are broad enough to activate on ordinary discussion about videos or on any multi-sentence text that merely resembles a script. This can cause unintended invocation of local shell commands and external API calls, increasing the chance of data being processed or sent off-host without a clear user request.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill instructs use of OpenAI TTS and Whisper with an API key, but it does not clearly disclose that the user's script and derived audio/transcription data will be transmitted to third-party services. In a skill context, this omission is risky because users may provide proprietary, personal, or sensitive text assuming processing is local.

Missing User Warnings

Medium
Confidence: 93%
Finding
This is a real safety issue because the skill explicitly supports live trading and natural-language agent usage, yet the referenced section does not clearly and prominently warn that a user request could trigger actions against a real exchange account. In an agent context, ambiguity around whether commands are simulated or real can cause unintended order placement, financial loss, or account-impacting operations, especially when API keys are already configured.

VirusTotal

65/65 vendors flagged this skill as clean.
