ClawHub

Stock Monitor Skill

Security checks across malware telemetry and agentic risk

Overview

This stock-alert skill mostly matches its purpose, but it can run an unreviewed neighboring voice-sending script while requiring alert credentials.

Review before installing. Use dedicated low-privilege Feishu and Noiz credentials, inspect or remove the neighboring feishu-edge-tts dependency before enabling voice alerts, avoid putting secrets in shared shell history or logs, and only enable the cron job if recurring stock-alert messages are intended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
79% confidence
Finding
The documented purpose omits several behaviors identified by analysis, including repeated alerts, additional monitoring logic, holiday-config reads, and a NoizAI API dependency. This creates a transparency gap: users may provide credentials or install the skill without understanding all outbound integrations and operational behavior, which increases the risk of unexpected data transmission or abuse of notification channels.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The script requires NOIZ_API_KEY even though the described skill only needs stock monitoring and Feishu alerts, indicating hidden or over-broad credential access. Unnecessary secret collection expands the attack surface and can enable unauthorized downstream API use if the environment is shared or the skill is later modified to exfiltrate or misuse that key.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation asks users to configure Feishu and API credentials but does not clearly disclose that stock symbols, alert text, and related metadata will be sent to third-party services. This is a data-transparency and consent issue: users may expose sensitive trading interests or operational information without informed approval.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill sends stock-related content to external services via curl and a separate voice-sending subprocess, but provides no explicit consent flow or clear disclosure of what data leaves the host. This is risky because stock watchlists, alert text, and associated metadata may be sensitive, and the delegated script could transmit more than the user expects.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal