股票分析 (Stock Analysis)

Security checks across malware telemetry and agentic risk

Overview

This stock-analysis skill is not clearly malicious, but it automatically writes report files and runs a local browser/server PDF workflow without a user confirmation step.

Install only if you are comfortable with the agent creating files in your Downloads folder and potentially launching local server/browser actions after stock analyses. Prefer disabling or overriding the automatic PDF workflow unless you explicitly request an exported report, and verify any financial analysis independently.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding
The skill is presented as a stock analysis assistant, but it also mandates automatic local HTML/PDF file creation in a fixed Downloads path after every interaction. This expands its behavior from advice generation into local side effects without clear necessity, user confirmation, or scope limitation, creating an avoidable security and privacy risk.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding
The PDF workflow requires starting a Python HTTP server, opening a browser, and invoking browser PDF functionality, which is unrelated to the primary task of stock analysis. These extra execution steps increase attack surface and may enable unintended local process, network-exposed, or browser-driven actions in environments where such capabilities exist.

Missing User Warnings

Severity: High
Confidence: 97%
Finding
The instructions require automatic creation of HTML/PDF files in the user's Downloads folder and describe server/browser actions, yet do not require clear consent, warning, or confirmation before performing local writes. This is dangerous because silent filesystem modification and execution-adjacent behavior violate user expectations and can be abused to clutter sensitive directories, overwrite files, or normalize unsafe local automation.

VirusTotal

49/49 vendors flagged this skill as clean.