stock-analysis-and-review-wechat

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed stock review helper that can schedule recurring portfolio reports and send them to WeChat, so it should be configured carefully but does not show malicious behavior.

Install only if you are comfortable using this skill with private portfolio details. Before enabling cron or WeChat delivery, confirm the schedule, test the destination with a harmless message, decide what should be stored in MEMORY.md, and remove scheduled tasks when you no longer need automated reports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill clearly instructs use of network access, reading/updating MEMORY.md, and interacting with cron/task tooling, but the metadata does not declare corresponding permissions. This creates a capability transparency gap: a user or platform may approve the skill without understanding it can read/write local files and make outbound requests, increasing the risk of over-privileged or unexpected execution.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The skill gives conflicting guidance on cron delivery configuration: one section says not to manually specify accountId/to and to rely on announce+last, while the WeChat push section later marks to/accountId as required. This inconsistency can cause misconfigured automations, failed deliveries, or accidental routing of portfolio reports to unintended recipients, especially because the content being sent may include sensitive holdings and P&L data.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill description uses broad operational triggers such as automatic/manual post-close position review without defining exact invocation boundaries, trigger phrases, or exclusion conditions. In an agent environment, vague activation criteria can cause unintended execution of data retrieval, analysis, memory updates, or outbound messaging from ordinary conversational context.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The cron workflow instructs the agent to automatically obtain portfolio-related data, update MEMORY.md, and support WeChat delivery without requiring explicit user notice or confirmation for persistence and external sharing. Because holdings, cost basis, and review conclusions are financially sensitive, silent write-and-send behavior creates a meaningful privacy and data-governance risk.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The WeChat integration section instructs sending review reports to an external messaging channel and includes recipient/account identifiers, but it does not warn that messages may contain sensitive investment positions, profit/loss figures, or account metadata. Without data minimization and sensitivity warnings, users may unknowingly expose private financial information to third-party channels or misaddressed recipients.

VirusTotal

63/63 vendors flagged this skill as clean.
