ClawHub

A Stock Watcher

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed A-share stock monitoring and analysis skill, with some reliability and privacy cautions but no evidence of hidden installation, credential theft, destructive behavior, or purpose-mismatched data use.

Install only if you are comfortable with the skill contacting third-party Chinese finance APIs for stock quotes and storing watchlist/holding data locally. Treat all investment outputs as informational, use specific commands to avoid accidental activation, and do not rely on the DingTalk personal-message stub for guaranteed alert delivery without verifying your OpenClaw notification setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The function documentation and name indicate that a personal DingTalk message is sent, but the implementation only prints a log line and returns True. This creates a dangerous false-success condition: callers may believe alerts were delivered when they were silently dropped, which can cause missed security, trading, or operational notifications.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrase “日报” is very broad and commonly used in ordinary conversation, so it could cause the skill to activate when the user did not intend to invoke this stock-monitoring capability. In a financial skill, unintended activation is more concerning because it may surface portfolio-related content or initiate reporting flows in response to generic requests.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger phrase “风险评估” is ambiguous because it is a generic term used across finance, insurance, healthcare, and compliance contexts. This can lead to accidental invocation of the skill during unrelated discussions, which is especially sensitive here because the feature collects questionnaire answers and generates investor profiling output.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The phrases “投资组合” and “资产配置” are broad financial terms that frequently appear in normal advisory, educational, or macroeconomic conversations. Because this skill performs portfolio-oriented analysis, these generic triggers increase the chance of unintended invocation and potentially inappropriate financial guidance in contexts where the user meant something else.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The function sends user-supplied stock query data to a third-party Tencent finance API over plain HTTP, which lacks transport encryption and also provides no disclosure to the caller that external network access occurs. This can expose request metadata and query contents to network observers or intermediaries, and may violate privacy or security expectations in agent environments where outbound requests are sensitive.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This code performs a request to the Sina finance API using plain HTTP and does so without any explicit warning that user input will be transmitted to an external third party. In an agent skill context, silent outbound network access can leak user interests or workflow data, and HTTP additionally allows interception or tampering of responses by a man-in-the-middle.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal