ClawHub

China Stock Sentiment

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it needs review because it can generate investment-style reports from mock data and relies on an unpinned chained skill call.

Install only if you are comfortable treating this as an early/prototype finance helper. Verify any generated report against real market sources before acting on it, review the dependent `baidu-hot-cn` skill, and periodically delete local reports that reveal watched stocks or sectors.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Intent-Code Divergence

Medium
Confidence
86% confidence
Finding
The function is documented as fetching Baidu hot stock topics, but it actually executes a local CLI command to invoke another skill. This hidden capability boundary is dangerous because callers may assume a simple data retrieval function while it can trigger external code paths, inherit local privileges, and create unexpected side effects or trust-chain risks through the other skill.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The skill spawns a subprocess to run another skill (`openclaw skill run baidu-hot-cn`), expanding its effective capabilities beyond local sentiment analysis. Even though the command string is static and not obviously user-injectable here, this introduces supply-chain and privilege-boundary risk because the called skill may perform network access, file operations, or other sensitive actions not visible in this file.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The example invocation phrases are generic natural-language requests such as viewing today's market sentiment or generating a weekly report. In assistant platforms that trigger skills from broad utterances, these phrases can overlap with ordinary conversation and cause accidental invocation, which may lead to unintended data access, confusing responses, or unplanned downstream actions.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The README advertises monitoring of news and social media but provides no disclosure about what data is collected, retained, shared, or how user-linked watchlists and queries are handled. For a sentiment-analysis skill, this omission can expose users to privacy and compliance risk, especially if market interests, tracked symbols, or monitoring preferences are stored or transmitted externally.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list includes very generic terms like “股票”, “投资”, “stock”, and “sentiment”, which are common in ordinary investing conversations and can cause the skill to activate unintentionally. In a finance context this is risky because the skill may begin fetching data, generating analysis, or influencing investment-related responses when the user did not explicitly request this specific capability.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill states that sentiment data and generated reports are stored in local Markdown files but provides no user-facing warning, consent flow, retention policy, or guidance on what may be persisted. This creates a privacy and data-governance risk because user queries, watchlists, analysis targets, or generated investment reports may remain on disk and be accessible longer than the user expects.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal