Security audit

Us Stock Analyst

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent stock-analysis tool that uses the disclosed AIsa API and writes local reports, with no evidence of hidden, destructive, or unrelated behavior.

Install only if you are comfortable sending stock symbols, portfolio/watchlist context, research queries, fetched source content, and LLM prompts to AIsa. Use a scoped or test AIsa key where possible, monitor credit usage, and choose output paths carefully because reports are written to disk and include raw collected data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Tainted flow: 'filename' from input (line 640, user input) → open (file write)

Medium
Category
Data Flow
Content
print_report(report)

        filename = output_path or f"{ticker}_analysis_{datetime.now().strftime('%Y%m%d')}.json"
        with open(filename, "w") as f:
            json.dump(report, f, indent=2)

        print(f"✅ Full report saved to {filename}")
Confidence
88% confidence
Finding
with open(filename, "w") as f:

Description-Behavior Mismatch

Medium
Confidence
81% confidence
Finding
The script silently persists the full report to local disk by default, even though the advertised behavior is stock analysis rather than data retention. Because the report includes raw upstream payloads, this creates an unexpected local data exposure and forensic footprint that users may not anticipate.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill is centered on sending stock-analysis queries, portfolio/watchlist symbols, news searches, and LLM prompts to AIsa endpoints and potentially downstream model providers, but it does not clearly disclose that user inputs may leave the local environment. In a finance context, even ticker lists, holdings, and research intent can be sensitive and reveal investment strategy.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill forwards collected news, tweets, and web-search content to an external LLM endpoint without an explicit disclosure or consent step. This expands third-party data sharing beyond the primary market-data lookups and can leak raw external content, user-selected subjects, and potentially regulated or sensitive research context to another service.

Missing User Warnings

Low
Confidence
79% confidence
Finding
The script saves a JSON report that includes `raw_data` from all fetched sources, but it does not warn users that the saved file contains those full payloads. This can unintentionally retain third-party content and potentially sensitive derived research artifacts on disk where other local users, backups, or sync services may access them.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.