stock-watchlist-zh

Security checks across malware telemetry and agentic risk

Overview

This appears to be a normal stock and crypto watchlist skill that stores a local watchlist and sends ticker symbols to AISA for price checks.

Install only if you trust the AISA endpoint and are comfortable sharing the tickers in your watchlist with that service. Consider setting CLAWDBOT_STATE_DIR to a dedicated directory to avoid state-file confusion, and treat generated prices or BUY/HOLD/SELL signals as informational rather than financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill declares access to an environment secret and describes persistent file I/O behavior, but it does not declare explicit permissions despite having effective capabilities to read environment variables and write local state. This creates a transparency and policy-enforcement gap: users or orchestrators may approve the skill without understanding it can access API keys and modify files.

Intent-Code Divergence

Low
Confidence
74% confidence
Finding
The documented default state path points to a different skill name directory than this skill's own name, which can cause data to be written into an unexpected location. That can lead to cross-skill state confusion, accidental overwrites, or disclosure of watchlist data to another skill or workflow expecting a different path.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script sends the user's watchlist tickers to an external AIsa API to obtain prices and signals, but it does not clearly warn the user at the point of use that their portfolio interests are being transmitted off-host. While tickers are not highly sensitive by themselves, a watchlist can reveal trading intent or investment strategy, so silent exfiltration to a third-party service creates a real privacy and data-sharing risk in this skill context.

VirusTotal

65/65 vendors flagged this skill as clean.
