Tai Alpha Stock

Security checks across malware telemetry and agentic risk

Overview

This stock-analysis skill uses external market-data services and a local SQLite database as disclosed, with no evidence of hidden data collection or destructive behavior.

Install only if you are comfortable with market-data network calls and a local SQLite database of ticker analyses. Set TAI_ALPHA_DB_PATH or TAI_ALPHA_OUTPUT_DIR if you need the data stored somewhere specific, and treat the output as informational rather than financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 88%
Finding
The skill advertises and documents capabilities including shell execution, network access, filesystem reads/writes, and environment-variable use, but does not declare permissions or boundaries. This weakens user and platform trust controls because an agent may invoke the skill without understanding its real authority, increasing the chance of unintended data access, file modification, or external requests.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 84%
Finding
The documented description presents a narrower stock-analysis function than the broader behavior exposed in the workflow, including alerts, batch/cron automation, portfolio analysis, localization, and additional data fetches. This mismatch can mislead users and policy engines about operational scope, causing the skill to be approved or invoked in contexts where its actual behavior—especially persistence, automation, and network usage—would merit greater scrutiny.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation states that cron can use `TAI_ALPHA_TELEGRAM_WEBHOOK` but does not clearly warn that enabling this causes outbound network transmission of data. In an automation/cron context, users may unknowingly send ticker selections, alerts, or report content to an external endpoint, which creates privacy, egress-control, and compliance risks.

Missing User Warnings

Medium
Confidence: 90%
Finding
The CLI execution path invokes collect_ticker(), which performs outbound network requests to Yahoo Finance and writes the collected results into a SQLite database, but the user is not explicitly warned that both network access and local persistence will occur. In an agent/skill context, this reduces transparency and can surprise users or operators, especially in restricted or privacy-sensitive environments where silent egress and disk writes are security-relevant behaviors.

VirusTotal

67/67 vendors flagged this skill as clean.
