ST股票分析 (ST Stock Analysis)

Security checks across malware telemetry and agentic risk

Overview

This is a stock-analysis prompt skill with disclosed web research and local PDF report creation, and no code, credential access, trading actions, or hidden behavior.

Before installing, confirm you are comfortable with the skill searching public finance websites and creating PDF reports in a local downloads path. Treat its ratings and price ranges as research notes only, and verify company filings and exchange disclosures before making investment decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium (92% confidence)
Finding
The skill is framed as a stock-analysis assistant, but it instructs the agent to always write a PDF report to a local filesystem path. Unnecessary file-writing expands the capability surface beyond analysis into persistent local side effects, which can surprise users, leak sensitive content into shared storage, or be abused if report contents include confidential prompts or user data.

Context-Inappropriate Capability

Medium (95% confidence)
Finding
Requiring output to `D:\Downloads\` is context-inappropriate for a stock research skill and hard-codes a host-local Windows path. This creates an unnecessary assumption about the runtime environment and can result in unauthorized writes, privacy issues on shared machines, or unsafe coupling between conversational analysis and the user's local filesystem.

Missing User Warnings

Medium (90% confidence)
Finding
The markdown mandates saving a PDF locally without any clear warning, consent step, or user-facing notice that the skill will perform a write operation. Silent persistence is risky because users may not expect local artifacts to be created, and those artifacts can retain sensitive financial queries, account-related context, or other private information.

VirusTotal

59/59 vendors flagged this skill as clean.
