ClawHub

Etf

Security checks across malware telemetry and agentic risk

Overview

The skill is advertised as an ETF analysis tool, but its artifacts implement a generic local logger that saves user-entered text, so it should be reviewed before installation.

Review carefully before installing. Do not rely on this as an ETF research or investment-analysis tool unless the publisher adds real ETF functionality. Avoid entering account numbers, portfolio details, proprietary research, or other sensitive text because command inputs are saved locally under ~/.local/share/etf and can later be viewed or searched.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
The documented behavior materially exceeds the stated ETF-analysis purpose and includes generic command handling, persistent logging of arbitrary inputs, search, export, and status/report capabilities. This mismatch is dangerous because users may provide sensitive financial notes or other data under the assumption they are using a narrow ETF tool, while the skill is actually acting like a generic local data collector and reporter.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The manifest presents an ETF holdings and fund-metrics analysis skill, but the body describes a generic logging and local data utility. Such a disguise increases the chance that users invoke the skill in inappropriate contexts and trust it with data they would not otherwise provide, creating a deceptive capability gap that can hide collection or misuse of information.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
Automatic history and activity logging introduces persistent collection of user interactions that is not necessary for the stated ETF-screening use case. In this context, the capability is more dangerous because financial research workflows may contain sensitive watchlists, symbols, notes, or proprietary analysis that users do not expect to be retained automatically.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Broad generic actions such as run, convert, generate, batch, config, and report are inconsistent with a narrowly scoped ETF analysis skill and expand the attack surface unnecessarily. In context, these commands suggest the skill may process arbitrary inputs and perform operations beyond user expectations, making misuse and accidental data exposure more likely.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The script’s advertised ETF-analysis purpose does not match its actual behavior: it stores arbitrary user-supplied text across many generic commands and exposes search/export/history functions over that retained data. This kind of capability mismatch is dangerous because users may provide sensitive financial notes, symbols, credentials, or workflow data under the assumption of a narrow analytics tool, while the skill quietly acts as a generic persistent data collector.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The presence of generic config, batch, generate, export, and activity-history capabilities is unjustified for a narrowly described ETF holdings tool and materially broadens the data-handling surface. In context, these features enable collection, retention, and bulk extraction of user input without clear business need, increasing privacy and misuse risk.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The inline documentation and branding present the script as an ETF utility, but the implementation is effectively a generic local logger and log-management tool. Misleading documentation is security-relevant here because it causes users and reviewers to underestimate the sensitivity of submitted content and the persistence/export behavior of the tool.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill mentions local storage and automatic logging but does not clearly foreground that user actions are persisted by default. This is dangerous because users may reasonably assume a simple analysis tool is ephemeral, especially in a finance context where inputs can include sensitive research data, making the lack of prominent notice a meaningful privacy and trust issue.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
User input is appended verbatim to persistent log files in the user’s home directory with no warning, consent, sanitization, or retention limits. In a financial-analysis context, users may enter sensitive portfolio details or other confidential information, so silent persistence creates a meaningful privacy and data-exposure risk even if the data remains local.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal