ClawHub

trading-monitor

Security checks across malware telemetry and agentic risk

Overview

This stock-monitoring skill has a coherent purpose, but it asks users to weaken global command-execution protections while creating persistent cron jobs that send financial analysis externally.

Review before installing. Prefer the documented manual `openclaw cron create/list/delete` commands, do not set `tools.exec.security` to `full` unless you intentionally accept a broad environment-wide command-execution risk, and verify the Feishu recipient so portfolio details and trading recommendations go only to the intended destination.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The documentation tells operators to set `tools.exec.security` to `full` globally in order to work around an allowlist error. That weakens execution restrictions for the broader environment, not just this stock-monitoring skill, and creates unnecessary exposure to arbitrary command execution from other skills or workflows.

Vague Triggers

Medium
Confidence
76% confidence
Finding
The trigger phrases are broad and overlap with ordinary conversation, increasing the chance that the skill activates unintentionally. Because this skill can create, stop, and manage scheduled tasks, accidental invocation can lead to unintended state changes and noisy or persistent automation.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The quick-start section encourages deployment and task management actions that affect system state without clearly warning users that these commands create persistent scheduled jobs and may stop existing tasks. In a cron-management skill, missing safety prompts raises the risk of accidental or uninformed changes.

Missing User Warnings

High
Confidence
98% confidence
Finding
Recommending `tools.exec.security full` without a strong warning normalizes a dangerous security downgrade. In the context of a task automation skill that may invoke tools repeatedly and unattended, reduced exec restrictions materially increase the blast radius of any prompt abuse, misconfiguration, or future compromise.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The troubleshooting advice instructs users to change `tools.exec.security` to `full` in response to an `exec denied` error, which appears to weaken or broadly relax execution protections without explaining the risk. In a skill that manages scheduled tasks and references editable PowerShell scripts, lowering exec safeguards can increase the chance that unsafe commands or modified scripts are executed automatically during recurring runs.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal