fetch-stock-daily

Security checks across malware telemetry and agentic risk

Overview

This skill fetches public China A-share daily market data from Eastmoney and saves it locally as JSON, with no evidence of hidden credential use, exfiltration, or destructive behavior.

Install only if you are comfortable with the agent making outbound requests to Eastmoney and creating local JSON archives in your workspace. Review or constrain the output directory in restricted environments, and treat the market data as informational rather than financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding
The skill instructs use of a Node.js helper that performs external HTTP requests and writes fetched market data to local JSON files, but the skill metadata does not declare corresponding permissions or constraints. This can cause the agent or user to trigger network access and disk persistence without clear policy enforcement, reducing auditability and increasing the chance of unintended data egress or local data accumulation.

Missing User Warnings

Low
Confidence: 83%
Finding
The markdown explicitly describes fetching data from Eastmoney over HTTP APIs and archiving results as local JSON, but it does not warn the user that executing the skill will contact an external service and persist files on disk. While the data involved appears to be public market data, the lack of disclosure can still surprise users, create compliance issues in restricted environments, or lead to unreviewed storage of fetched content.

Vague Triggers

Medium
Confidence: 84%
Finding
The default prompt is framed broadly enough that the skill may be invoked for a wide range of stock-data-related requests without explicit user confirmation or tighter routing constraints. In an agent environment, overly broad activation can cause unintended external data access and local file persistence, increasing the chance of inappropriate tool use or surprise side effects.

VirusTotal

63/63 vendors flagged this skill as clean.
