Hk Financial Downloader

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed downloader for public HK financial reports; its file writes and network access match its stated purpose.

Install only if you want an agent to fetch public HK financial reports and store them locally. Review disk usage for large batch downloads, and consider editing the script if you need a configurable output directory or stricter download limits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 94%
Finding: The skill declares no permissions while clearly describing network access to third-party endpoints and persistent local file writes under a fixed workspace path. This is a transparency and consent problem: users and policy engines may treat the skill as lower risk than it is, even though it can download arbitrary remote content and store it locally.
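One way to check for the underdeclared-capability mismatch this finding describes, added here as an example and not code from the page, the skill or the SkillSpector scanner: walk a script's AST, record calls that imply network access or filesystem writes plus any hard-wired absolute path literals, and report whatever the skill's declaration does not cover. The sample script is a constructed stand-in for the downloader, not its real source, and the call tables are a starting list rather than a complete one.

```python
import ast

# Constructed stand-in for a downloader script. This is NOT the skill's real
# source; it only gives the audit something realistic to walk.
SAMPLE_SCRIPT = '''
import os, json, requests

ARCHIVE = "/root/workspace/hk_reports"

def fetch(url):
    return requests.get(url, timeout=30).content

def save(name, data):
    os.makedirs(ARCHIVE, exist_ok=True)
    with open(os.path.join(ARCHIVE, name), "wb") as fh:
        fh.write(data)
    with open(os.path.join(ARCHIVE, "manifest.jsonl"), "a") as mh:
        mh.write(json.dumps({"name": name}) + "\\n")
'''

# Call targets that imply a capability. A starting list, not an exhaustive one.
NETWORK_CALLS = {"requests.get", "requests.post", "urllib.request.urlopen",
                 "httpx.get", "httpx.post", "socket.socket"}
FS_WRITE_CALLS = {"os.makedirs", "os.mkdir", "os.remove", "shutil.copy",
                  "shutil.move", "shutil.rmtree"}


def _dotted(node):
    """Render a call target such as requests.get as a dotted string, or None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _open_mode(call):
    """Return the mode string passed to open(), defaulting to 'r'."""
    if len(call.args) > 1 and isinstance(call.args[1], ast.Constant):
        return str(call.args[1].value)
    for kw in call.keywords:
        if kw.arg == "mode" and isinstance(kw.value, ast.Constant):
            return str(kw.value.value)
    return "r"


def observed_capabilities(source):
    """Walk the AST and return (capability set, set of absolute path literals)."""
    caps, fixed_paths = set(), set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            target = _dotted(node.func)
            if target in NETWORK_CALLS:
                caps.add("network")
            elif target in FS_WRITE_CALLS:
                caps.add("filesystem:write")
            elif target == "open" and any(c in _open_mode(node) for c in "wax+"):
                caps.add("filesystem:write")
        elif isinstance(node, ast.Constant) and isinstance(node.value, str) \
                and node.value.startswith("/"):
            fixed_paths.add(node.value)  # hard-wired absolute paths are worth a look
    return caps, fixed_paths


def undeclared_capabilities(declared, source):
    """Capabilities the code exercises that the skill's declaration does not cover."""
    caps, fixed_paths = observed_capabilities(source)
    return sorted(caps - set(declared)), sorted(fixed_paths)
```

Run against the sample with an empty declaration it reports both `filesystem:write` and `network` as undeclared and surfaces `/root/workspace/hk_reports` as a fixed path; a dynamic call such as `getattr(requests, "get")` or an `exec` would slip past this static pass, so treat a clean result as necessary rather than sufficient.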

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 90%
Finding: The documented behavior does not accurately match what the skill appears to do: it writes files to a fixed local path, supports batch processing beyond the stated description, and claims HKEX download support that is not actually implemented. Misstated functionality is dangerous because it prevents users and defenders from making informed trust decisions and can hide data persistence or network behavior behind an incomplete description.

Missing User Warnings

Severity: Low
Confidence: 79%
Finding: The markdown instructs users to perform bulk PDF downloads and store them persistently in the workspace archive without an explicit warning about disk usage or local data retention. In context this is expected functionality, but the lack of clear notice can still lead to unintended storage consumption and accumulation of downloaded files.

Missing User Warnings

Severity: Medium
Confidence: 79%
Finding: When run with --pdf, the script writes downloaded files and a manifest into a fixed archive path under /root without an explicit confirmation step or strong safety boundaries. In an agent/skill context, silent filesystem modification can be dangerous because it may overwrite expected workspace state, consume disk, and create persistent artifacts from untrusted remote content.
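What the Overview's "configurable output directory or stricter download limits" and this finding's missing "safety boundaries" look like in code, as an added example that is not the skill's script and does not claim to know how it is written: the output directory comes from a flag, an environment variable (the name `HK_ARCHIVE_DIR` is hypothetical) or a relative default rather than a fixed path under /root; remote-supplied filenames are reduced to a bare basename and the resolved destination is checked to stay inside the archive; each file is streamed under a byte cap and the batch under a total budget; existing files are never silently overwritten; partial downloads are removed on failure; and every accepted file is recorded in a manifest with its SHA-256. The sample batch is constructed byte strings standing in for HTTP bodies, so it runs offline.

```python
import hashlib
import json
import os
import re
import tempfile
from pathlib import Path


class DownloadLimitExceeded(Exception):
    """A single file, or the batch as a whole, would exceed its byte budget."""


_UNSAFE = re.compile(r"[^A-Za-z0-9._-]+")


def safe_filename(remote_name):
    """Accept only a bare basename from the server, reduced to a conservative charset."""
    if "/" in remote_name or "\\" in remote_name or remote_name in ("", ".", ".."):
        raise ValueError("remote filename must be a bare basename: %r" % remote_name)
    cleaned = _UNSAFE.sub("_", remote_name).strip("._")
    if not cleaned:
        raise ValueError("unusable filename: %r" % remote_name)
    return cleaned[:128]


def resolve_archive_dir(cli_value=None, env_var="HK_ARCHIVE_DIR", default="./hk_reports"):
    """CLI flag, then environment, then a relative default (the env var name is hypothetical).
    Nothing is hard-wired under /root, unlike the fixed path the finding describes."""
    return Path(cli_value or os.environ.get(env_var) or default).resolve()


def write_download(archive_dir, remote_name, chunks, max_bytes, overwrite=False):
    """Stream chunks into archive_dir with a size cap, containment check and no silent overwrite."""
    archive_dir = Path(archive_dir).resolve()
    archive_dir.mkdir(parents=True, exist_ok=True)
    dest = (archive_dir / safe_filename(remote_name)).resolve()
    if dest.parent != archive_dir:  # the resolved path must stay inside the archive
        raise ValueError("destination escapes archive dir: %s" % dest)
    if dest.exists() and not overwrite:
        raise FileExistsError(str(dest))
    tmp = dest.with_name(dest.name + ".part")
    digest, written = hashlib.sha256(), 0
    try:
        with open(tmp, "wb") as fh:
            for chunk in chunks:
                written += len(chunk)
                if written > max_bytes:  # checked before the chunk touches disk
                    raise DownloadLimitExceeded("%s: over %d bytes" % (remote_name, max_bytes))
                digest.update(chunk)
                fh.write(chunk)
    except BaseException:
        tmp.unlink(missing_ok=True)  # never leave a partial artifact behind
        raise
    os.replace(tmp, dest)  # publish atomically once the whole body is on disk
    return {"file": dest.name, "bytes": written, "sha256": digest.hexdigest()}


def archive_batch(archive_dir, downloads, max_file_bytes, max_total_bytes):
    """Run (remote_name, chunks) pairs under per-file and whole-batch budgets; log each success."""
    accepted, rejected, total = [], [], 0
    manifest = Path(archive_dir) / "manifest.jsonl"
    for remote_name, chunks in downloads:
        remaining = max_total_bytes - total
        if remaining <= 0:
            rejected.append((remote_name, "BatchBudgetExhausted"))
            break
        try:
            entry = write_download(archive_dir, remote_name, chunks, min(max_file_bytes, remaining))
        except (DownloadLimitExceeded, ValueError, FileExistsError) as exc:
            rejected.append((remote_name, type(exc).__name__))
            continue
        total += entry["bytes"]
        accepted.append(entry)
        with open(manifest, "a", encoding="utf-8") as mh:  # one JSON record per line
            mh.write(json.dumps(entry, sort_keys=True) + "\n")
    return accepted, rejected


# Constructed sample batch: byte strings stand in for HTTP bodies so this runs offline.
SAMPLE_DOWNLOADS = [
    ("0005_annual_2023.pdf", [b"%PDF-1.4 ", b"report body", b" %%EOF"]),
    ("../../etc/cron.d/persist.pdf", [b"%PDF-1.4 not a report"]),  # traversal in the name
    ("0388_interim_2023.pdf", [b"%PDF-1.4 "] + [b"x" * 1024] * 64),  # larger than the cap
    ("0005_annual_2023.pdf", [b"%PDF-1.4 replaced"]),  # duplicate name: must not overwrite
]


def run_demo(max_file_bytes=4096, max_total_bytes=8192):
    """Run the sample batch in a fresh temporary archive; returns (accepted, rejected, files)."""
    archive_dir = tempfile.mkdtemp(prefix="hk_reports_")
    accepted, rejected = archive_batch(archive_dir, SAMPLE_DOWNLOADS, max_file_bytes, max_total_bytes)
    return accepted, rejected, sorted(os.listdir(archive_dir))
```

On the sample batch only the first report lands; the traversal name is rejected outright, the oversized body is cut off at the cap with its `.part` file removed, and the duplicate is refused rather than overwriting, so the archive ends up holding exactly the one PDF and the manifest. A confirmation prompt before the batch starts is the remaining piece and belongs in the agent harness rather than here.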

VirusTotal

66/66 vendors flagged this skill as clean.
