Backtest Engine - Run Backtests

Security checks across malware telemetry and agentic risk

Overview

This appears to be a normal trading backtest tool, but its custom strategy option runs user-supplied Python code without making that risk clear.

Install only if you are comfortable with a local Python backtesting tool. Use built-in strategies or CSV/Yahoo Finance inputs normally, run it in a virtual environment, and treat any third-party `--strategy-file` as executable code that should be reviewed before running.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill explicitly describes generating JSON and Markdown reports, which implies filesystem write capability, yet `tools_available` is empty and no permission model is declared. This mismatch can cause the agent to perform file-writing side effects without clear authorization boundaries or user awareness, increasing the risk of unintended artifact creation or overwriting files in the working environment.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
`load_custom_strategy()` imports and executes arbitrary Python from a user-provided file path using `exec_module()`, which grants full code execution with the privileges of the process. In a backtesting skill, this materially expands scope from strategy evaluation to arbitrary local code execution, enabling file access, network calls, persistence, or environment secret theft.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The skill states that it generates JSON and Markdown reports, including named output files, but does not disclose this as a side effect or warn the user that files may be created. In an agent environment, silent file creation can surprise users, leak sensitive strategy information into persistent artifacts, or clutter shared workspaces.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The CLI accepts an arbitrary Python file and executes it without any prominent warning that this runs external code. That omission increases the chance that users treat the input as mere strategy data rather than executable code, which can lead to accidental execution of malicious files.

VirusTotal

66/66 vendors flagged this skill as clean.
