股票 (Stocks)

Security checks across malware telemetry and agentic risk

Overview

This stock-data skill does what it says it does (stock-data retrieval), but it should be reviewed before use because it automatically installs or upgrades a Python package (thsdk) at runtime, without asking the user.

Install only if you accept that the skill may change your Python environment by fetching or upgrading thsdk on its own. Prefer running it in an isolated environment (virtualenv or container) into which you have preinstalled a reviewed, pinned thsdk version yourself, and provide THS credentials only when the data provider actually requires them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
import subprocess
import sys

def ensure_thsdk(version=None):  # signature assumed; the finding quotes only the body
    # Flagged behaviour: installs or upgrades thsdk at runtime, with no user confirmation
    pkg = f"thsdk=={version}" if version else "thsdk"
    print(f"[stock_utils] Installing {pkg}...")

    result = subprocess.run(
        [sys.executable, "-m", "pip", "install", "--upgrade", pkg],
        capture_output=True,
        text=True,
    )
    return result
Confidence
97% confidence
Finding
result = subprocess.run( [sys.executable, "-m", "pip", "install", "--upgrade", pkg], capture_output=True, text=True )
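The pattern behind this finding (a package installer launched through subprocess) is easy to detect statically in your own skills before a scanner does. The following is an added example and not SkillSpector's implementation; SAMPLE_SKILL_SOURCE is a constructed sample modelled on the quoted snippet, not the skill's full source, and the installer name list is an assumption you should extend for your environment. It also covers the shell=True string form, which the quoted snippet does not use.

```python
import ast

# Constructed sample, modelled on the snippet quoted in the finding above;
# it is not the skill's full source.
SAMPLE_SKILL_SOURCE = '''
import subprocess, sys

def ensure_thsdk(version=None):
    pkg = f"thsdk=={version}" if version else "thsdk"
    result = subprocess.run(
        [sys.executable, "-m", "pip", "install", "--upgrade", pkg],
        capture_output=True, text=True,
    )
    return result.returncode == 0

def fetch(symbol):
    return symbol.upper()
'''

SUBPROCESS_CALLS = {"run", "call", "check_call", "check_output", "Popen"}
INSTALLERS = {"pip", "pip3", "uv", "conda", "poetry"}  # assumption: extend as needed


def _string_tokens(node):
    """Yield the constant string tokens of a command argument.

    A list/tuple argv contributes its string elements; a single string (the
    shell=True form) is split on whitespace. Non-constant elements such as
    sys.executable or a variable are skipped, so a dynamic package name does
    not hide the install.
    """
    if isinstance(node, (ast.List, ast.Tuple)):
        for elt in node.elts:
            yield from _string_tokens(elt)
    elif isinstance(node, ast.Constant) and isinstance(node.value, str):
        yield from node.value.split()


def _is_subprocess_call(call):
    """True for subprocess.<fn>(...) or a bare <fn>(...) after `from subprocess import fn`."""
    func = call.func
    if isinstance(func, ast.Attribute):
        return (func.attr in SUBPROCESS_CALLS
                and isinstance(func.value, ast.Name)
                and func.value.id == "subprocess")
    return isinstance(func, ast.Name) and func.id in SUBPROCESS_CALLS


def find_package_installs(source):
    """Return [(lineno, tokens)] for subprocess calls whose argv names an installer and 'install'."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and _is_subprocess_call(node) and node.args:
            tokens = list(_string_tokens(node.args[0]))
            if "install" in tokens and INSTALLERS & set(tokens):
                hits.append((node.lineno, tokens))
    return hits


if __name__ == "__main__":
    for lineno, tokens in find_package_installs(SAMPLE_SKILL_SOURCE):
        print(f"line {lineno}: package install via subprocess: {' '.join(tokens)}")
```

The bare-name branch (`run(...)` after `from subprocess import run`) trades some false positives for coverage; tracking imports per module would tighten it. Calls through os.system or a wrapper function are out of scope for this rule and need a separate one.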

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill explicitly states that it will run `pip install --upgrade thsdk` automatically, which is a shell and package-management capability that it does not declare anywhere in its permissions. Undeclared execution and installation behaviour is dangerous because it can change the runtime environment, pull unpinned third-party code from a package index, and bypass the user or admin approval controls that normally gate such changes.

Tp4

High
Category
MCP Tool Poisoning
Confidence
82% confidence
Finding
The documented behavior extends beyond the declared purpose, including broader analytics, charting, batch queries, depth data, and natural-language queries. This mismatch reduces transparency and can cause operators to grant or trust the skill for a narrower use case while it performs additional data access and processing actions they did not expect.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The skill can install or upgrade Python packages via pip even though its stated purpose is financial data retrieval. This expands the skill's behavior into environment modification and third-party code execution, increasing attack surface and creating a supply-chain risk that is not justified or disclosed by the skill context.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
ensure_thsdk() automatically installs or upgrades thsdk when missing or outdated, without any user confirmation. In an agent setting, silent environment changes are dangerous because they can fetch and execute unreviewed code, alter runtime behavior unexpectedly, and bypass normal dependency governance.
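The remediation the Overview recommends (operator-installed, pinned dependency; no self-modification) can be expressed as a check-only replacement for the flagged ensure_thsdk(). The following is an added example, not the skill's code: `require_pinned` verifies what is installed and refuses to install or upgrade anything, failing with the command the operator should run themselves. PINNED_THSDK is a placeholder, not a real thsdk release, and `lookup_from_dict` exists only so the check can be exercised offline.

```python
from importlib import metadata
from itertools import takewhile

# Assumption: the version your review approved. Not a real thsdk release number.
PINNED_THSDK = "1.2.3"


class DependencyError(RuntimeError):
    """Raised instead of installing anything."""


def _version_key(v):
    """'1.10.2b1' -> (1, 10, 2): leading digits of each dotted part, for a >= check."""
    key = []
    for part in v.split("."):
        digits = "".join(takewhile(str.isdigit, part))
        key.append(int(digits) if digits else 0)
    return tuple(key)


def lookup_from_dict(table):
    """Build a lookup with the same contract as importlib.metadata.version (for tests)."""
    def lookup(dist_name):
        if dist_name in table:
            return table[dist_name]
        raise metadata.PackageNotFoundError(dist_name)
    return lookup


def installed_version(dist_name, lookup=metadata.version):
    """Installed version string, or None. Reads metadata only; never touches pip."""
    try:
        return lookup(dist_name)
    except metadata.PackageNotFoundError:
        return None


def require_pinned(dist_name, pinned, lookup=metadata.version, allow_newer=False):
    """Verify an operator-installed dependency; never install or upgrade.

    Returns the installed version. Raises DependencyError, with the command the
    operator should run themselves, if the package is missing or mismatched.
    """
    found = installed_version(dist_name, lookup)
    if found is None:
        raise DependencyError(
            f"{dist_name} is not installed. Install it yourself in an isolated "
            f"environment, e.g. `pip install --require-hashes -r requirements.txt` "
            f"with `{dist_name}=={pinned}` and its hashes reviewed, then rerun.")
    if allow_newer:
        ok = _version_key(found) >= _version_key(pinned)
    else:
        ok = found == pinned
    if not ok:
        raise DependencyError(
            f"{dist_name} {found} is installed but {pinned} is required; "
            f"refusing to modify the environment.")
    return found


def require_thsdk():
    """Drop-in replacement for the flagged ensure_thsdk(): check only, no pip call."""
    return require_pinned("thsdk", PINNED_THSDK)
```

Call `require_thsdk()` at skill start-up; a failure surfaces to the operator as a decision to make rather than a silent environment change, which is the approval step the finding says is missing. Pinning by exact version (the default) keeps the running code identical to what was reviewed; `allow_newer=True` is the looser mode for environments that patch dependencies centrally.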

VirusTotal

66/66 vendors flagged this skill as clean. Note that an antivirus verdict says nothing about the behavioural findings above: a runtime `pip install` is not malware and is not what these engines look for.