Alphapai Research

Security checks across malware telemetry and agentic risk

Overview

This skill appears to provide the promised AlphaPai finance-research integration, but it needs review because it ships a plaintext API key and includes a remote self-upgrade flow that can replace local files.

Review before installing. Use it only for data you are comfortable sending to AlphaPai/Rabyte, remove the bundled API key and configure your own credential securely, and avoid the self-upgrade flow unless the update source and file changes are independently verified.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability (Medium, 97% confidence)

Finding: The self-upgrade workflow tells the agent to fetch remote instructions and then replace local skill files based on those instructions. This creates a supply-chain and prompt-injection risk: a compromised remote document or transport path could cause arbitrary local changes well beyond the skill's stated finance-research purpose.

Vague Triggers (Medium, 88% confidence)

Finding: The skill says it must be used whenever the user mentions a broad set of common finance-related phrases, which can override normal tool-selection safeguards. Overbroad mandatory triggering can route unrelated requests through a networked, privileged skill, increasing data exposure and the chance of unintended external calls.

Missing User Warnings (Medium, 89% confidence)

Finding: The documentation instructs sending user questions, dialogue context, and optional time filters to AlphaPai's remote API, but provides no user-facing notice that prompts and context will leave the local agent environment. In a financial research setting, those inputs may contain proprietary investment theses, private notes, or sensitive client information, creating a real data disclosure risk through normal use rather than an exploit in code.

Missing User Warnings (Medium, 92% confidence)

Finding: The reference describes multiple POST endpoints and an optional web-search flag, but never warns that user data may be transmitted to external services and potentially mixed with third-party retrieval sources. Because the skill metadata says it 'must' be used for many finance-research queries, the chance of silent external disclosure is elevated and can expose confidential research workflows or regulated business information.

Missing User Warnings (Medium, 93% confidence)

Finding: The CLI persists the API key in plaintext to a local config.json file without warning the user, without hardening the file's permissions, and without using a safer secret store. On multi-user systems, shared workstations, backups, or accidentally committed project files, this can expose the credential and allow unauthorized use of the AlphaPai API.

VirusTotal

66/66 vendors flagged this skill as clean.
