crypto-portfolio-tracker Security Audit Report
crypto-portfolio-tracker is an AI agent skill, created by crypto-tools-pro. ClawSecure audited crypto-portfolio-tracker through the 3-Layer Audit Protocol covering all ten OWASP ASI Top 10 categories, assigning a security score of 0/100 (High Risk). The 54 findings concentrate in Supply Chain, Malicious Code and Data Exfiltration, including Base64 Obfuscated Payload and Base64 Obfuscated Payload. 37 were rated high or critical severity.
Is crypto-portfolio-tracker safe?
ClawSecure audited crypto-portfolio-tracker and assigned a security score of 0/100 (High Risk), identifying 54 findings across Supply Chain and Malicious Code. Review the findings below before installing.
What did ClawSecure find in crypto-portfolio-tracker?
ClawSecure identified 54 findings in crypto-portfolio-tracker, concentrated in Supply Chain, Malicious Code and Data Exfiltration. 37 were rated high or critical severity. The most severe include Base64 Obfuscated Payload and Base64 Obfuscated Payload.
How was crypto-portfolio-tracker audited?
ClawSecure ran crypto-portfolio-tracker through its 3-Layer Audit Protocol with full OWASP ASI Top 10 coverage.
What does a score of 0 mean?
ClawSecure assigned crypto-portfolio-tracker a security score of 0/100, placing it in the High Risk range. This is driven by 54 findings led by Supply Chain that should be addressed before use. ClawSecure derives this score with a weighted deduction model (critical -20, high -10, medium -5, low -2 from a base of 100).
Audit Findings for crypto-portfolio-tracker
ClawSecure detected 54 security findings in crypto-portfolio-tracker, spanning Supply Chain, Malicious Code, Data Exfiltration and Cve.
- critical · Base64 Obfuscated Payload. Data Exfiltration finding detected in
tracker.py:36. - critical · Base64 Obfuscated Payload. Data Exfiltration finding detected in
tracker.py:48. - critical · Detects command injection patterns in agent skills: shell…. Command Injection finding detected in
SKILL.md:24. - critical · Detects command injection patterns in agent skills: shell…. Command Injection finding detected in
SKILL.md:25. - critical · Detects prompt strings used to override or force malicious…. Prompt Injection finding detected in
SKILL.md:21. - critical · Suspicious domain detected: glot.io (potential data…. Malicious Code finding detected in
SKILL.md. - critical · Suspicious domain detected: webhook.site (potential data…. Malicious Code finding detected in
SKILL.md. - critical · CVE-2026-25253: Dangerous configuration modification…. Cve finding detected in
SKILL.md. - critical · CVE-2026-25253: Dangerous configuration modification…. Cve finding detected in
SKILL.md. - critical · CVE-2026-25253: Dangerous configuration modification…. Cve finding detected in
config.json. - critical · CVE-2026-25253: Dangerous configuration modification…. Cve finding detected in
config.json. - critical · ClawHavoc C2 infrastructure detected: 91.92.242.30. Malicious Code finding detected in
tracker.py.
Showing the 12 highest-severity of 54 findings. The full interactive list appears below.
3-Layer Audit Protocol
Security Recommendations for crypto-portfolio-tracker
Update and pin dependencies
Audit external network connections
Harden command execution
Related Security Research
AI Agent Supply Chain Attacks: How Dependencies Become Weapons→Beyond Static Scans: Why ClawSecure Verifies Agentic Intent→Related AI Agent Security Audits
Scanned on February 13, 2026. crypto-portfolio-tracker is one of thousands of agents audited by ClawSecure from the community-curated awesome-openclaw-skills list and the openclaw/skills repository.