Tushare Finance Jarvis

Security checks across malware telemetry and agentic risk

Overview

This is a Tushare data-access skill that appears coherent and non-destructive, with some broad reference documentation users should understand before use.

Install this if you need Tushare-based financial or market data and are comfortable providing a Tushare token. Prefer TUSHARE_TOKEN over storing the token in a project config file, do not commit tokens, and restrict file permissions for any local secret file. Review the reference index before using broad endpoints such as policy documents, CCTV transcripts, film/TV data, or management biographies, and treat any personal data fields as privacy-sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The file documents a non-financial interface for national TV drama filing/publicity data inside a skill whose declared purpose is finance and macroeconomic market data. This scope mismatch can cause an agent to invoke unrelated capabilities, increasing the risk of policy bypass, data-governance violations, and unintended use outside the user's expected domain.

Description-Behavior Mismatch

Medium
Confidence: 87%
Finding
The documented `npr` interface exposes broad government policy and regulatory text retrieval, which is outside the skill’s declared scope of financial market and macroeconomic data. This kind of scope expansion increases the chance of unauthorized or misleading use of the skill as a general policy-intelligence retrieval tool, weakening least-privilege boundaries and user trust about what the skill is supposed to access.

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
The file describes large-scale retrieval of public policy documents, including full text (`content_html`), which materially broadens the skill beyond market-data access into general government document collection. In context, this is dangerous because an agent or user may rely on the manifest’s finance-only framing while actually gaining access to a substantially different corpus that could be used for surveillance, policy mining, or off-purpose analysis.

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The documented `cctv_news` API exposes political news transcript content that is outside the skill's declared scope of financial market and macroeconomic data. This scope drift can cause the agent to retrieve and present politically sensitive, non-financial content unexpectedly, increasing compliance, trust, and misuse risks for downstream consumers who rely on the manifest to constrain behavior.

Missing User Warnings

Medium
Confidence: 90%
Finding
The README instructs users to place the Tushare token directly in a plaintext config file, which increases the chance of accidental credential disclosure through source control, backups, shared home directories, or local file exposure. While this is not an exploit by itself, it is an insecure secret-handling practice that can lead to unauthorized API usage if the token is leaked.

Missing User Warnings

Medium
Confidence: 95%
Finding
The document exposes and exemplifies access to personal data fields for named individuals, including name, gender, nationality, birthday, and potentially resume content, without any privacy warning, minimization guidance, or handling restrictions. In the context of an agent skill, this increases the risk that downstream consumers will retrieve, process, or redistribute personally identifiable information without considering privacy, retention, or lawful-use constraints.

Natural-Language Policy Violations

Medium
Confidence: 88%
Finding
The documentation includes ideologically directive language such as urging users to study and internalize party guidance, rather than neutrally describing the dataset. In an agent skill, this can bias outputs, normalize political persuasion as part of a data service, and create a higher risk that the agent surfaces propaganda-like framing without user consent or context.

VirusTotal

64/64 vendors flagged this skill as clean.
