finviz-crawler

Security checks across malware telemetry and agentic risk

Overview

This is a real financial-news crawler, but its ticker-removal logic can delete local directories outside its article folder if given unsafe ticker values.

Install only after reviewing or patching the deletion paths. Avoid unusual ticker names, keep backups of any archive you care about, and require ticker validation, path containment checks, and an explicit confirmation or dry-run before using remove-ticker or automatic cleanup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The documentation states the query tool is 'read-only SQLite queries (no HTTP, stdlib only)' while elsewhere it exposes commands that add and remove tickers from the same database. This is a security-relevant documentation inconsistency because operators may grant or automate use of the tool under the false assumption that it cannot modify stored state.

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The script is presented as a query/read tool, but `remove_tickers()` performs irreversible deletion of article files and database rows. In an agent or automation context, this hidden destructive capability can be triggered under the guise of a safe read-only operation, causing data loss well beyond what a user would reasonably expect from the documented purpose.

Intent-Code Divergence

High
Confidence: 94%
Finding
The top-level documentation claims the tool reads from SQLite and article files for summarization, but the implementation also mutates ticker state and deletes stored content from both disk and the database. This mismatch is security-relevant because operators, agents, or reviewers may grant broader trust or execute the script in contexts where only read-only behavior was expected.

Missing User Warnings

Medium
Confidence: 83%
Finding
The skill advertises automatic expiry that deletes articles from both the database and disk, but it does not prominently warn about irreversible data loss. In a continuously running daemon with background cleanup, users may unintentionally lose retained data or summaries they expected to preserve.

Missing User Warnings

Medium
Confidence: 96%
Finding
Ticker removal immediately deletes per-ticker article directories, flat-path files referenced by the database, and associated article rows without any explicit confirmation or warning. In scheduled or agent-driven use, a mistaken argument, prompt injection, or bad automation step could silently destroy stored data with no recovery path.

Missing User Warnings

Medium
Confidence: 96%
Finding
The installer automatically creates and enables a persistent background service on Linux or a launch agent on macOS without an explicit consent prompt. Persistence is security-relevant because it causes the crawler to run automatically on login and continue network/data activity beyond the one-time install step, which can surprise users and increase exposure if the crawler or its dependencies are later compromised.

VirusTotal

66/66 vendors flagged this skill as clean.