Quant

Security checks across malware telemetry and agentic risk

Overview

This quant investing helper is purpose-aligned, but users should treat its privacy and dependency-install wording as incomplete.

Install only if you are comfortable using third-party financial data services. Do not store real tokens in shared config files, ask to see the exact dependency-install commands before running `quant install`, and treat trading signals as informational unless you explicitly approve any account-changing action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

High, 96% confidence

Finding: The skill makes a strong privacy/security claim that all data is processed locally and not transmitted, yet its documented functionality depends on external services such as tushare, akshare, and yfinance. This creates a misleading trust boundary: users may disclose tokens, symbols, portfolio/watchlist data, or other sensitive inputs under false assumptions about network use.

Vague Triggers

Medium, 84% confidence

Finding: The activation guidance uses broad natural-language triggers such as asking for help or install behavior, which can overlap with ordinary conversation. In an agent setting, ambiguous activation increases the chance of unintended execution paths such as dependency installation or code scaffolding without the user deliberately invoking a narrowly scoped command.

Vague Triggers

Medium, 90% confidence

Finding: The phrase inviting activation through generic conversation, such as replying '继续' ("continue") or 'Jarvis,先写 data.py' ("Jarvis, write data.py first"), is overly broad and may be triggered in normal dialogue. Because the proposed next step is file creation, this ambiguity can lead to unintended code generation or workspace modification without a properly scoped command boundary.

VirusTotal

64/64 vendors flagged this skill as clean.
