ClawHub

Rsi

Security checks across malware telemetry and agentic risk

Overview

This is a local RSI reference script with misleading calculator language, but it does not access accounts, credentials, networks, files, or execute trades.

Safe to install from an agentic-security perspective, but use it only as an educational RSI reference. Do not rely on its calculate command for real trading analysis unless you independently provide and verify actual price data, and do not treat its buy/sell labels as financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The skill claims to calculate RSI for any asset and support trading workflows, but the documented interface only accepts a period or a manually supplied RSI value and offers mostly static reference content. This mismatch can mislead users or agents into relying on nonexistent market-data processing, producing incorrect trading decisions or unsafe automation based on fabricated assumptions about what the skill actually does.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The skill description claims RSI calculation capability, but the implementation only prints explanatory text and interprets a user-provided RSI value; it never ingests price data or computes RSI. In a trading context, this mismatch is dangerous because users may rely on the tool for analysis decisions under the false belief that it performed an actual calculation, leading to incorrect financial actions.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal