Investage Temp

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real investment-reporting skill, but it can email sensitive portfolio reports to hardcoded external recipients instead of only user-configured addresses.

Review and edit the scripts before installing or running them. Replace the hardcoded precaster email addresses, GOG account, and PostgreSQL user; verify gog auth and recipients; preview the generated report; and do not enable the cron job until you are sure where portfolio data is stored and sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 89%
Finding:
The skill documents use of network access, shell commands, database access, and outbound email, but no explicit permissions are declared. That creates a transparency and consent problem: a user or host system may not realize the skill can transmit portfolio data externally or execute local commands. In an investment-tracking context, the data may include sensitive holdings and email destinations, making undeclared capabilities materially risky.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 94%
Finding:
The documented purpose presents the skill as a daily portfolio tracking and reporting tool, but the described behavior extends to local PostgreSQL reads/writes, persistent snapshot/history storage, market-summary generation, and subprocess-based email delivery. This mismatch weakens informed consent and makes it easier for users to approve the skill without understanding the full data collection, persistence, and transmission surface. Because the subject matter is personal portfolio data, undisclosed storage and outbound reporting raise the severity.

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding:
The code creates and stores AI-generated investment theses in PostgreSQL, which expands the skill's data handling beyond the stated behavior of reporting and email delivery. This kind of undisclosed persistence can surprise users, increase retention of sensitive portfolio-related data, and create privacy/compliance risk even though it is not directly exploitable as code execution.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The skill advertises automated HTML email reporting but does not warn that portfolio-related analysis may be sent off-host to email recipients via an external mail tool. Even if intended for the owner's use, this can leak sensitive holdings, trading rationale, or watchlist information through misconfiguration, compromised email accounts, or accidental recipient selection. The risk is elevated because financial portfolio data is privacy-sensitive.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The script persists daily portfolio snapshots, trading signals, and alert data to the database without any explicit user disclosure or consent flow. In a personal investment skill, this is sensitive financial telemetry, and silent retention increases privacy risk, unauthorized secondary use risk, and the blast radius if the database is later exposed.

VirusTotal

67/67 vendors flagged this skill as clean.
