Valuation Calculator

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a legitimate stock valuation tool, but it should go through Review because it reads local holdings data, sends portfolio tickers to Yahoo Finance, and unnecessarily changes Python import resolution.

Review before installing. Use it only if you are comfortable with the skill reading your local holdings file and sending ticker symbols from that file to Yahoo Finance. Remove or fix the workspace sys.path insertion before use in any workspace that may contain untrusted Python files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 89% confidence
Finding: The skill documentation indicates it reads a local file (`~/.openclaw/workspace/holdings.md`) but does not declare the corresponding permission. Undeclared file access weakens user consent and reviewability, and in this context could expose portfolio contents or other sensitive financial data if the path is changed or interpreted broadly by the runtime.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 95% confidence
Finding: The declared purpose frames the skill as a simple valuation calculator, but the documented behavior also includes external network access to Yahoo Finance, local file reads of holdings, index dashboard generation, and automatic WACC estimation using fetched market data. This mismatch is dangerous because users and reviewers may authorize the skill expecting only local computation, while it actually performs data access and transmission that can reveal portfolio interests or usage patterns.

Missing User Warnings

Low

Confidence: 83% confidence
Finding: The markdown omits a clear warning that using the skill sends ticker symbols and portfolio-derived lookups to Yahoo Finance. While the transmitted data may seem low sensitivity, watchlists and holdings can reveal investment strategy or personal financial interests, making the lack of disclosure a privacy issue.

Missing User Warnings

Low

Confidence: 86% confidence
Finding: The skill silently reads ~/.openclaw/workspace/holdings.md without an explicit warning, which can expose a user's portfolio composition unexpectedly when they invoke a generic command. In an agent environment, undisclosed access to local personal financial data is a privacy issue because users may not realize the tool is inspecting stored holdings data.

Missing User Warnings

Low

Confidence: 83% confidence
Finding: The skill uses yfinance to fetch market data over the network, which means user-supplied tickers and portfolio-derived tickers may be transmitted to an external service without clear disclosure. While ticker symbols are not highly sensitive on their own, portfolio-derived symbols can reveal investment interests and should be treated as potentially sensitive metadata.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal