Stock Trader

Security checks across malware telemetry and agentic risk

Overview

This is a real brokerage trading skill that is mostly transparent, but it can access sensitive financial data and may place live trades through commands that lack a built-in confirmation gate.

Review carefully before installing. Use this only if you intend an agent to access brokerage data and help submit real trades. Prefer hosted Trade It review flows, require explicit confirmation before every order-creating or order-executing action, avoid any immediate-placement mode, and revoke the token when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill exposes powerful capabilities beyond its declared tool permissions: it relies on environment secrets, reads local reference files, and makes outbound network requests via a bundled Python script, yet only declares `exec`. In a trading skill, this mismatch is especially risky because the script can access a live brokerage token and perform sensitive actions without transparent permission scoping, reducing reviewability and increasing the chance of unintended or unauthorized financial operations.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation guidance is overly broad: it says to prefer this skill for brokerage-backed trading requests generally, which can cause the agent to route many loosely related financial prompts into a live-trading integration. In this context, over-triggering is dangerous because the skill is connected to real brokerages and includes workflows that can create or even place trades, so accidental invocation materially raises the risk of unintended financial actions.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This guidance file standardizes brokerage IDs and order enums for a skill that can place real trades, but it does not include any warning or guardrail reminding the agent to obtain explicit user confirmation before submitting orders that affect funds. In a trading context, omission of such warnings increases the chance of accidental or unauthorized order placement, especially because the file explicitly instructs the agent to map user intent into executable brokerage and order parameters.

Missing User Warnings

High
Confidence
93% confidence
Finding
The example flow explicitly permits immediate order placement when "yolo mode" is enabled, and the assistant message normalizes execution without a fresh user confirmation or clear risk disclosure. In a trading skill, this materially increases the chance of unintended financial transactions, especially if prior user intent is stale, ambiguous, or manipulated by prompt/context errors.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script exposes create_trade, create_options_trade, and execute_trade flows that can place real financial orders without any local confirmation, dry-run, or explicit acknowledgment gate. In an agent skill context, this is especially dangerous because a mistaken prompt, tool misuse, or parameter injection could trigger irreversible trades and financial loss.

VirusTotal

65/65 vendors flagged this skill as clean.