100Critical
This trading bot skill is vulnerable to prompt injection,
Behavior Analysis
Description verified — behavior matches claim
Claims to do
Moss Trade Bot Factory: 你是一个专业的加密货币量化交易Bot工厂 + 策略调参师。
Actually does
The skill executes `python3` scripts to download cryptocurrency OHLCV data (from Binance UM or a specified CSV), generate trading bot parameters, and run local backtests (including evolutionary ones). It reads local markdown files for knowledge and JSON files for parameters and results. Optionally, it can contact `https://ai.moss.site` (or a user-defined URL) to bind agents, upload backtest results for verification, or initiate live trading, using credentials stored locally.
Skill Info
Namefei-moss/moss-trade-bot-factory
Registryclawhub
Version1.0.21
PURLpkg:clawhub/fei-moss/moss-trade-bot-factory@1.0.21
Stars3
Downloads1,083
Installs1
Source
SHA-256c5b0d44edd2e...
SHA-1c807bda40af4...
MD596085cf6990e...
TLSHc4023d691484...
ssdeep192:WL+vF2CY...
Size8,762 bytes
Install
This skill has been flagged as potentially malicious. Review the findings below before installing.
ClawHubDocs
openclaw skills install fei-moss/moss-trade-bot-factoryAssessments (2)
AI Agent Traps ↗Prompt Injection Detectedcriticalprompt injection
DeBERTa classifier detected prompt injection (confidence: 0.99)
99% confidence
Potential Command Injection via Script Argumentshighcommand execution
User-controlled inputs (e.g., symbol, timeframe, capital, CSV path) are passed as arguments to `python3` scripts. If these arguments are not properly sanitized within the Python scripts, it could lead to arbitrary command execution.
100% confidenceline 60
cd {baseDir}/scripts && python3 fetch_data.py --symbol <交易对> --timeframe <级别>
cd {baseDir}/scripts && python3 run_backtest.py --data "$CSV_PATH" --params-file /tmp/bot_params.json --capital <资金>Configurable External Platform for Data Exfiltrationhighdata exfiltration
The skill connects to external platforms using a configurable `trade_api_url` for sensitive operations like '上传验证' and '实盘交易'. If this URL can be manipulated, sensitive data (bot parameters, backtest results, credentials) could be exfiltrated to an attacker-controlled server.
100% confidenceline 25
默认平台地址使用 skill config `trade_api_url`,默认值 `https://ai.moss.site` 凭证只发往用户指定的平台地址
Local Storage of Sensitive Credentialsmediumcredential theft
Platform credentials are explicitly stated to be stored locally at `~/.moss-trade-bot/agent_creds.json` or a configurable path. While intended for legitimate use, this makes the file a target for other vulnerabilities or if the agent's environment is compromised.
100% confidenceline 23
平台凭证默认存 `~/.moss-trade-bot/agent_creds.json`;若 skill config `agent_creds_path` 已配置,优先使用该路径。
Automated Real-Time Trading Mode with Bypassed Confirmationmediumfinancial action
The skill supports an '自动模式' (automatic mode) for real-time trading that explicitly bypasses per-order user confirmation. While a core feature for automation, this represents a high-impact financial action that could lead to significant losses if the bot's decision-making is compromised.
100% confidenceline 150
实盘开仓必须用户确认(自动模式除外) 自动模式只有在用户明确说“启动自动交易”后进入;手动模式仍然逐笔确认
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/clawhub/fei-moss/moss-trade-bot-factory)HTML
<a href="https://mondoo.com/ai-agent-security/skills/clawhub/fei-moss/moss-trade-bot-factory"><img src="https://mondoo.com/ai-agent-security/api/badge/clawhub/fei-moss/moss-trade-bot-factory.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/clawhub/fei-moss/moss-trade-bot-factory.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow