AI stock watchdog

Security checks across malware telemetry and agentic risk

Overview

This is a coherent stock-monitoring skill that stores portfolio details locally and can run optional scheduled scans, with no evidence of hidden code, credential theft, trade execution, or exfiltration.

Install only if you are comfortable keeping portfolio details, alert history, and derived monitoring state in local skill files. Prefer typed holdings or redact broker screenshots to remove account numbers, personal identifiers, and unrelated balances. Review every proposed portfolio diff before approving it, verify financial alerts from primary sources, and disable the optional scheduled scan or delete local state files if you stop using the skill.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Missing User Warnings

Medium severity, 91% confidence

Finding
The documented `clawhub sync` workflow can publish all changed skills in the working directory, but the text does not prominently warn that this is a bulk action with potentially broad scope. A user running it from the wrong directory or with unintended modified skills present could accidentally publish additional packages, causing unintended disclosure or release of incomplete content.

Vague Triggers

Medium severity, 87% confidence

Finding
The README advertises very broad conversational triggers like "check my stocks", "morning brief", and especially "anything I should know?" that can plausibly collide with normal user conversation and cause the skill to activate unintentionally. Because this skill processes sensitive portfolio data and may run scans or surface stock-specific alerts, accidental invocation can expose private financial context or produce actions the user did not mean to request.

Missing User Warnings

Medium severity, 81% confidence

Finding
The README explains that users can upload broker screenshots and that the skill stores holdings, alert history, and state files, but it does not clearly warn users about what sensitive financial data is retained, where it is stored, how long it persists, or who can access it. In the context of a portfolio-monitoring skill, this creates a real privacy and security risk because holdings, cost basis, and broker-derived screenshots are highly sensitive personal financial information.

Vague Triggers

Medium severity, 89% confidence

Finding
The skill registers on very broad natural-language triggers such as "I bought", "I sold", and "anything I should know about my holdings," which can match ordinary financial conversation and cause the skill to activate unintentionally. Because the skill has read/write capabilities and can initiate portfolio update workflows, accidental activation increases the chance of unnecessary data access, confusing prompts, or user-approved state changes based on the wrong context.

Vague Triggers

Medium severity, 84% confidence

Finding
The routing table relies on ambiguous substring-style matching like "scan," "morning brief," and "anything I should know," without a strict intent resolution step before selecting sensitive workflows. In this skill, ambiguous routing is more dangerous because different branches can lead to image parsing, portfolio modification proposals, scheduled task creation, and persistent state updates, so misclassification can expose data or push the user into unintended actions.
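The three trigger findings above (broad conversational phrases, "I bought"/"I sold", and substring routing with no intent-resolution step) describe one mechanism. The Python below is an added illustration written for this page, not code from the skill or from SkillSpector: it places a substring router of the kind the finding describes next to a resolver that requires an explicit portfolio anchor, treats multiple matches as ambiguous, and gates the sensitive branches on user confirmation. The trigger phrases are the ones quoted in the findings; the workflow names, the anchor vocabulary, the routing table itself and the sample messages are assumptions constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Trigger phrases quoted in the findings above. The skill's actual routing table
# is not on this page, so this list and the workflow names are assumptions.
SUBSTRING_TRIGGERS: List[Tuple[str, str]] = [
    ("anything i should know", "morning_brief"),
    ("morning brief", "morning_brief"),
    ("check my stocks", "morning_brief"),
    ("i bought", "update_holdings"),
    ("i sold", "update_holdings"),
    ("scan", "scan"),
]

# Branches that read portfolio state, propose changes, or create scheduled tasks.
SENSITIVE = {"morning_brief", "update_holdings", "scan"}


def naive_route(message: str) -> Optional[str]:
    """Substring routing as the finding describes: the first phrase found wins."""
    text = message.lower()
    for phrase, workflow in SUBSTRING_TRIGGERS:
        if phrase in text:
            return workflow
    return None


# Stricter resolution. Each rule is word-bounded, the message must also name the
# portfolio explicitly, and sensitive branches never run without confirmation.
ANCHOR = re.compile(r"\b(stocks?|portfolio|holdings?|shares?|positions?)\b", re.I)
INTENT_RULES = [
    (re.compile(r"\b(bought|sold)\b", re.I), "update_holdings"),
    (re.compile(r"\b(morning brief|check my (stocks|portfolio|holdings))\b", re.I), "morning_brief"),
    (re.compile(r"\banything (else )?i should know\b", re.I), "morning_brief"),
    (re.compile(r"\bscan\b", re.I), "scan"),
]


@dataclass(frozen=True)
class Route:
    workflow: Optional[str]  # selected branch, or None when the skill should stay silent
    action: str              # "run", "confirm" or "ignore"
    reason: str


def strict_route(message: str, confirmed: bool = False) -> Route:
    """Resolve intent before any sensitive branch is selected."""
    matched = {wf for rule, wf in INTENT_RULES if rule.search(message)}
    if not matched:
        return Route(None, "ignore", "no intent rule matched")
    if len(matched) > 1:
        return Route(None, "confirm", f"ambiguous intent {sorted(matched)}; ask which one was meant")
    if not ANCHOR.search(message):
        return Route(None, "ignore", "intent verb present but the message never names the portfolio")
    workflow = matched.pop()
    if workflow in SENSITIVE and not confirmed:
        return Route(workflow, "confirm", f"{workflow} touches portfolio state; confirm before running")
    return Route(workflow, "run", "explicit, anchored and confirmed")


if __name__ == "__main__":
    # Constructed messages: two are ordinary conversation, one is a real request.
    for msg in ("I bought groceries and a new lamp",
                "anything I should know before the meeting?",
                "I sold 20 shares of ACME yesterday"):
        print(f"{msg!r}: naive={naive_route(msg)!r} strict={strict_route(msg)}")
```

The substring router fires on "I bought groceries", on a question about a meeting and on a request to scan a document for typos; the resolver ignores all three because nothing in them names the portfolio, and it answers "Morning brief and scan my portfolio" with a clarification request rather than silently picking the first branch in table order.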

Missing User Warnings

Medium severity, 90% confidence

Finding
The skill explicitly solicits broker-app screenshots or typed portfolio holdings, which are sensitive financial data, but provides no notice about privacy, retention, redaction, or safer input methods. In a portfolio-monitoring skill, this increases the chance that users disclose account identifiers, balances, and other metadata that may be stored, logged, or mishandled beyond what is necessary for the task.
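The overview recommends typed holdings over broker screenshots and redaction of account numbers and unrelated balances; this finding and the earlier retention finding explain why. The Python below is an added illustration for this page, not the skill's own ingestion code: it accepts typed holdings only in a fixed `TICKER QTY COST` line format (an assumed format) and refuses every other line, so account identifiers, names and cash balances never reach local state. Rejected lines are returned only so the user can be told what was dropped, with account-number-like digit runs masked so the notice itself does not leak them. The pasted sample is constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# One holding per line: ticker, quantity, cost basis per share.
# This input format is an assumption made for the example, not the skill's own.
HOLDING_LINE = re.compile(r"^([A-Z]{1,5})\s+(\d+(?:\.\d+)?)\s+(?:@\s*)?\$?(\d+(?:\.\d+)?)$")
# Eight or more digits, optionally separated by spaces or dashes: account-number-like.
ACCOUNT_NUMBER = re.compile(r"\b\d(?:[ -]?\d){7,}\b")


@dataclass(frozen=True)
class Holding:
    ticker: str
    quantity: float
    cost_basis: float


def ingest_typed_holdings(text: str) -> Tuple[List[Holding], List[str]]:
    """Parse typed holdings and separate everything that must not be stored.

    Returns (holdings, rejected). Only lines matching HOLDING_LINE become
    holdings; every other line is rejected rather than persisted, and any
    account-number-like digit run in it is masked before it is echoed back.
    """
    holdings: List[Holding] = []
    rejected: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HOLDING_LINE.match(line)
        if m:
            holdings.append(Holding(m.group(1), float(m.group(2)), float(m.group(3))))
        else:
            rejected.append(ACCOUNT_NUMBER.sub("[account number redacted]", line))
    return holdings, rejected


# Constructed sample of what a pasted broker page might look like.
SAMPLE = """\
Account: 1234 5678 9012  (Jane Q. Example)
ACME 10 @ $42.50
FOO 3.5 100
Cash balance: $12,345.67
"""


def demo() -> Tuple[List[Holding], List[str]]:
    """Run the sample through ingestion; only the two holdings survive."""
    return ingest_typed_holdings(SAMPLE)


if __name__ == "__main__":
    kept, dropped = demo()
    print("stored:", kept)
    print("not stored:", dropped)
```

Only the two holding lines are returned for storage; the account line comes back with its number masked and the cash balance line comes back unchanged but unstored, which is the distinction the finding asks the skill to make explicit to the user.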

Missing User Warnings

Medium severity, 89% confidence

Finding
The example describes silent reading of portfolio data and later state/file updates without a clear upfront warning or consent model. In an agent skill, undisclosed access to local portfolio files and silent persistence can violate user expectations, create privacy risk, and normalize covert data handling even if the content is not overtly exfiltrated.

Missing User Warnings

Medium severity, 93% confidence

Finding
The example shows that portfolio-related signals, management credibility scores, and promoter/pledge tracking data are stored for future runs, but the skill description does not warn users about this retention. Persistent storage of investment-related behavioral metadata increases privacy and profiling risk, especially because it accumulates sensitive financial context over time without clearly informed consent.

VirusTotal

0/62 vendors flagged this skill; all 62 reported it as clean.
