Vnstock

Security checks across malware telemetry and agentic risk

Overview

This stock-data skill is mostly an API wrapper, but it has identity inconsistencies and stores a user API key locally without enough disclosure.

Install only if you trust the publisher and the xiaobenyang API service. Before entering an API key, understand that the skill will save it in a local .env file as XBY_APIKEY; consider using a limited-scope key and removing it when no longer needed. The package should be reviewed or corrected to remove unrelated gaokao naming and to document secret storage clearly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (14)

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The documentation includes an unrelated example call to `search_schools`, which belongs to a different gaokao/schools skill. Mismatched instructions are dangerous because they indicate copy-paste errors, weaken operator trust, and can cause an agent to invoke unintended functions or mishandle user requests in a security-sensitive routing layer.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The project structure identifies the package as `xiaobenyang_gaokao_skill`, conflicting with the declared Vietnam stock market service. This inconsistency raises supply-chain and integrity concerns because users may be interacting with code from a different project than advertised, making review and trust decisions less reliable.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The configuration is materially inconsistent with the declared Vietnam stock market skill: it is labeled for an unrelated '小笨羊高考' service and is hard-coded to use XBY endpoints and credentials. In a skill package, this kind of service mismatch is a strong indicator of deceptive repurposing or credential redirection, which can cause users to send secrets and traffic to an unintended external system.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
This file implements credential loading, persistence, and retrieval for an unrelated external service rather than for the advertised stock data service. In context, that means the skill can collect and store credentials for a different backend than users expect, creating a serious trust-boundary violation and possible secret exfiltration path.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs the model to ask the user for an API key and persist it with `scripts.config.set_api_key(api_key)` but does not disclose storage behavior, retention, or protection. Collecting a credential through natural-language interaction without clear consent and handling details can expose sensitive secrets to local compromise, logs, or unintended reuse.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The function persistently writes the API key into a local .env file without any warning, consent flow, or discussion of storage risks. This can expose credentials to other local users, accidental source control commits, backups, or tooling that reads workspace files.

Ssd 3

Medium
Confidence
97% confidence
Finding
The skill explicitly creates a conversational flow to solicit an API key from the user and then store it for future use. In this context, that is more dangerous because the skill is unofficial and also has file and network capabilities, so a user-supplied secret could be retained insecurely or later exposed through logs, local files, or external requests.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
pydantic>=2.7.0
pydantic-settings>=2.2.0
python-dotenv>=1.0.1
Confidence
93% confidence
Finding
requests>=2.31.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
pydantic>=2.7.0
pydantic-settings>=2.2.0
python-dotenv>=1.0.1
Confidence
93% confidence
Finding
pydantic>=2.7.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
pydantic>=2.7.0
pydantic-settings>=2.2.0
python-dotenv>=1.0.1
Confidence
91% confidence
Finding
pydantic-settings>=2.2.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
pydantic>=2.7.0
pydantic-settings>=2.2.0
python-dotenv>=1.0.1
Confidence
91% confidence
Finding
python-dotenv>=1.0.1

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
82% confidence
Finding
requests

Known Vulnerable Dependency: pydantic — 3 advisory(ies): CVE-2021-29510 (Use of "infinity" as an input to datetime and date fields causes infinite loop i); CVE-2024-3772 (Pydantic regular expression denial of service); CVE-2021-29510 (Pydantic is a data validation and settings management using Python type hinting.)

High
Category
Supply Chain
Confidence
80% confidence
Finding
pydantic

Known Vulnerable Dependency: pydantic-settings — 1 advisory(ies): GHSA-4xgf-cpjx-pc3j (pydantic-settings: NestedSecretsSettingsSource follows symlinks outside secrets_)

Low
Category
Supply Chain
Confidence
74% confidence
Finding
pydantic-settings

VirusTotal

64/64 vendors flagged this skill as clean.
