Moltrade 1.0.9

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate documentation-only trading skill, but it warrants Review because it guides agents toward live trading, sensitive key use, and public Binance Square posting with incomplete scoping.

Install only after reviewing the external Moltrade repo and dependencies. Use testnet/test mode first, keep withdrawal permissions disabled, prefer least-privilege API keys and environment variables or a secret store, avoid giving the agent wallet private keys, and require explicit confirmation before any live trade, cancel-all action, copy-trading run, Nostr broadcast, or Binance Square post.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

High
Confidence: 96%
Finding
This README describes a Binance Square social-posting capability that is outside the declared Moltrade trading-bot scope, indicating scope drift or hidden functionality. In an agent environment, undocumented or mismatched capabilities are dangerous because they can trigger unexpected external actions, collect credentials for unrelated services, or be used to manipulate markets via coordinated posting.

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
A social-media posting feature is not justified by the stated purpose of operating a trading bot, so it introduces an unnecessary external-action surface. In trading contexts this is more dangerous because generated posts can influence sentiment, spam public channels, or be abused for promotional or manipulative activity while reusing user trust and agent automation.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documentation includes fully formed authenticated POST examples for `/api/v3/order` against Binance mainnet, but does not clearly warn that substituting real credentials will place live orders. In a trading-bot skill context, users are likely to copy and run examples verbatim, which increases the risk of unintended real-market trades and financial loss.

Vague Triggers

Medium
Confidence: 84%
Finding
The natural-language trigger example is broad enough to overlap with ordinary conversation, increasing the chance of accidental invocation of a public-posting action. Because the action sends content externally, ambiguous triggering can cause unintended publication, reputational damage, and leakage of user-provided or model-generated content.

Missing User Warnings

Medium
Confidence: 92%
Finding
The README describes posting user-provided content to Binance Square but does not clearly disclose that the text will be transmitted to an external third-party service. In an agent context, this can cause users to share sensitive, proprietary, or personal information under the mistaken assumption that the operation is local, especially because the workflow emphasizes convenience and auto-optimization rather than data handling boundaries.

Vague Triggers

Medium
Confidence: 91%
Finding
The auto-run triggers ('post to square', 'square post') are broad enough that ordinary discussion or quoted text could unintentionally activate a real posting workflow. In a skill that publishes externally, ambiguous triggers increase the risk of accidental content publication without sufficiently explicit user intent.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill description does not clearly warn that using the skill sends user-provided content to Binance Square, an external public platform. That missing disclosure can cause users to invoke the skill without understanding that their text may be published publicly, creating privacy and reputational risk.

VirusTotal

62/62 vendors flagged this skill as clean.