Stove Maker Api

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Stove Maker API helper, but it handles trading-related credentials and state-changing financial actions with several under-scoped safety warnings.

Install only after review. Use the test environment first, provide a short-lived or least-privilege Stove Maker JWT, and require explicit human confirmation before creating or canceling orders, processing corporate actions, granting token approvals, or signing transactions. Do not paste real private keys into prompts or examples, avoid unlimited token approvals unless you fully trust and can revoke the allowance, and avoid passing production JWTs through command-line flags, browser localStorage, or WebSocket subprotocols.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (11)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The document's security guidance advises avoiding localStorage for sensitive applications, but the JavaScript example immediately stores the JWT in localStorage. This contradiction is dangerous because developers often copy examples directly, leading to token exposure via XSS, browser extensions, or shared-device persistence.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The documentation states the endpoint is `GET /api/v1/maker/corporate-actions/pending` with JWT authentication, but the curl examples use a different path format and omit the required Authorization header. In an API skill with network permissions, this inconsistency can cause agents or developers to call the wrong route, bypass expected auth handling in client code, or build integrations that fail open or expose sensitive operational assumptions.

Intent-Code Divergence

Low
Confidence: 90%
Finding
The response schema and example disagree on field names, notably `create_at` versus `created_at`, and the example includes `total_count` that is not documented in the schema table. These mismatches can lead downstream consumers to parse responses incorrectly, mishandle corporate action records, or silently ignore fields in financial workflows where correctness matters.

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
The skill is scoped as a Maker API integration using JWT authentication, but the testing guide expands into direct blockchain interaction, including faucet usage and contract calls. That scope drift can mislead users into handling wallets, RPC endpoints, and token contracts unnecessarily, increasing operational and security exposure beyond the declared API-only purpose.

Intent-Code Divergence

Medium
Confidence: 84%
Finding
The guide claims testing can be performed without actual blockchain transactions, but later instructs the user to execute on-chain faucet transactions on BSC Testnet. This contradiction can cause users to underestimate the need for wallet security and transaction review, leading them to sign transactions they did not expect to perform.

Missing User Warnings

Medium
Confidence: 97%
Finding
The example stores a bearer JWT in localStorage without an immediate warning at the point of use, normalizing an unsafe implementation pattern. Because JWTs grant API access, any XSS or malicious script running in the origin can read and exfiltrate the token, enabling account compromise until expiration.

Missing User Warnings

Medium
Confidence: 86%
Finding
The documentation instructs use of a JWT bearer token and an EIP-712 signed order to create a live order, but it does not warn that these are sensitive credentials and authorization artifacts that can directly trigger financial side effects. In an agent skill context, this omission increases the chance an automated system may log, expose, or submit real credentials and signed payloads without explicit user confirmation.

Missing User Warnings

High
Confidence: 97%
Finding
The documentation recommends approving ethers.MaxUint256 for the settlement contract without any warning or safer alternative. Unlimited token allowances are dangerous because if the approved contract, operator path, or connected account is compromised, an attacker may drain all approved tokens rather than only the amount needed for a single order.

Missing User Warnings

Medium
Confidence: 96%
Finding
The documentation instructs browser clients to pass the JWT as a WebSocket subprotocol value (`['jwt', jwt]`) without warning that subprotocols can be exposed in logs, monitoring systems, reverse proxies, browser tooling, and server handshake handling. Because this skill manages maker orders and positions via authenticated real-time channels, leakage of that JWT could allow unauthorized subscription to sensitive order events or broader API access depending on token scope.

Missing User Warnings

Low
Confidence: 92%
Finding
Although JWT authentication is declared as required, the examples do not demonstrate sending the bearer token or warn that the request requires authorization. This is dangerous because users and agent developers may copy the example verbatim, producing insecure or broken client implementations and normalizing omission of authentication in security-sensitive API usage.

Missing User Warnings

Medium
Confidence: 93%
Finding
The example includes a live transaction flow using a raw private key string and a faucet contract call, but does not warn users against hardcoding secrets, reusing real keys, or blindly signing even testnet transactions. In an agent skill context, this is more dangerous because users may copy-paste credentials into tooling without understanding that the example normalizes unsafe secret handling patterns.

VirusTotal

66/66 vendors flagged this skill as clean.