Stock Filter Skills

Security checks across malware telemetry and agentic risk

Overview

The skill appears to provide legitimate market-data API access, but its credential and activation guidance is too loose for safe default installation.

Install only if you trust the API provider and can configure it over HTTPS. Treat STOCK_API_KEY as a secret, avoid plaintext HTTP endpoints except for isolated local testing, and use the skill only for explicit market or trend-data requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 94%
Finding
The README says that mentioning broad phrases like “股票筛选” (stock screening), “热门因子” (hot factors), “股票分析” (stock analysis), and “抖音热点” (Douyin hotspots) will automatically trigger tools. In an agent setting, such generic trigger terms can overlap with ordinary user conversation, causing unintended tool invocation and accidental transmission of stock queries or related data to backend services.

Missing User Warnings

Medium
Confidence: 97%
Finding
The configuration example uses an HTTP base URL and the README discusses sending API keys via the X-API-Key header without warning users about transport security. If used as documented over plaintext HTTP, API keys and query contents could be intercepted or modified by anyone on the network path, exposing credentials and potentially sensitive financial-interest data.

Vague Triggers

Medium
Confidence: 88%
Finding
The activation guidance covers a wide set of loosely related topics such as stock screening, factor presets, Jiuyan data, and Douyin hotspots, without clear boundaries for when the skill should or should not activate. Overbroad triggers can cause the agent to invoke this networked skill in unintended contexts, exposing user queries and using credentials more often than necessary.

Missing User Warnings

Medium
Confidence: 91%
Finding
The document instructs operators to configure an API key but does not include any warning that the key is sensitive, must not be exposed to users, and should never be logged or echoed. In a tool-driven agent environment, lack of such guidance increases the chance of accidental credential disclosure through prompts, debugging output, or misconfiguration.

VirusTotal

64/64 vendors flagged this skill as clean.
