singa-finance

Security checks across malware telemetry and agentic risk

Overview

This finance skill mostly matches its purpose, but its SEC filing reader is too broad and can fetch non-SEC URLs, including local file URLs.

Review before installing. The stock and SEC features are useful and mostly disclosed, but do not allow this version to process arbitrary or untrusted filing URLs. Prefer a patched version that restricts read-filing to HTTPS SEC EDGAR hosts and expected filing paths, and treat any output from non-SEC URLs as outside the skill's intended scope.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill clearly performs external data retrieval and uses environment variables, but the manifest only declares a binary requirement and does not disclose these effective capabilities as permissions. This creates a transparency and policy-enforcement gap: users or the platform may invoke a networked skill without realizing it can make outbound requests and read configuration from the environment.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The `read-filing` command accepts an arbitrary `--url` and passes it directly to `urllib.request.urlopen` without restricting the destination to SEC EDGAR domains. In an agent setting, this creates an SSRF-style primitive that can be used to fetch unintended external resources, potentially including internal network endpoints or attacker-controlled content, which is riskier than a normal EDGAR-only data retrieval tool.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The manifest description contains very broad trigger phrases such as 'any equity research task,' which can cause the skill to be selected for a wide range of loosely related requests. Over-broad routing increases the chance of unintended network access, unnecessary data exposure in prompts or tool inputs, and execution in contexts where the user did not specifically ask for this skill.

Missing User Warnings

Low
Confidence
89% confidence
Finding
Although the skill documentation mentions Yahoo Finance and SEC EDGAR, it does not present a clear user-facing warning that running commands will make external network requests. Lack of notice can mislead users about data flow and privacy expectations, especially if queries or identifiers are sent to third-party services.

VirusTotal

66/66 vendors flagged this skill as clean.
