A Stock Daily Market Sense

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed A-share market-reporting workflow; its risks are mainly the ordinary API-token, third-party data-source, local-cache, and cleanup considerations that come with such a workflow.

Install this only if you are comfortable giving it a Tushare API token, allowing outbound market-data requests including JRJ for the early-limit-up feature, and letting it create or update local cache/report files. Keep generated evidence files if you need auditability before following the documented cleanup step.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch
Severity: Medium
Confidence: 90%
Finding: The script mutates reference/market_data.csv during normal evidence-pack generation, which breaks the expectation of a read-only, deterministic analysis skill and creates hidden persistent state. This can poison future analyses, make outputs non-reproducible, and let one run influence later runs without an explicit data-ingestion step.

Context-Inappropriate Capability
Severity: Medium
Confidence: 86%
Finding: This code introduces an extra network-scraping path to JRJ for the "limit-up before 10:30" analysis, expanding the skill's external data surface beyond the declared core sources. That adds supply-chain and data-governance risk, and can leak user-selected dates and usage patterns to a third party without clear disclosure.

Description-Behavior Mismatch
Severity: Medium
Confidence: 84%
Finding: The skill metadata says analysis is based on daily, daily_basic, limit-up/limit-down, and index data, but this code also pulls Akshare market-activity data and later JRJ records as evidence inputs. That mismatch is a real security and trust concern because undeclared data sources increase exfiltration, provenance, and reproducibility risks for an agent skill that users expect to be bounded.

Missing User Warnings
Severity: Medium
Confidence: 93%
Finding: The skill instructs the agent to delete generated evidence and context files after report creation, but does not require an explicit user confirmation or a prominent warning before data removal. In an agent setting, this can cause unintended loss of intermediate artifacts needed for auditability, reproducibility, debugging, or user review, especially because the deletion is framed as mandatory workflow behavior.

VirusTotal

65/65 vendors flagged this skill as clean.