ClawHub

Finance Toolkit

Security checks across malware telemetry and agentic risk

Overview

This finance analysis skill is mostly purpose-aligned, but it needs Review because it includes under-disclosed process handoff and alert synchronization behavior.

Install only if you are comfortable with a finance tool that fetches market data from public APIs, writes local cache/report files, may sync generated alerts into a host knowledge bridge when run directly, and may re-run one script through a hard-coded Windows Python path under MSYS2. Treat all buy/sell outputs as educational signals, not investment advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Output HandlingUnvalidated Output Injection, Cross-Context Output, Unbounded Output
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script silently checks whether it is running under an MSYS2 Python and, if so, re-executes itself via `C:/Python314/python.exe` using `subprocess.run(...)`. That introduces an unexpected execution path and trusts a hard-coded interpreter path without validation, which can lead to execution under a different environment than the user intended and may run attacker-controlled binaries if that path is replaced or hijacked.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The interpreter handoff occurs with no prompt, log message, or consent, so users may not realize the script is spawning a different Python process and exiting. In a skill context, hidden process creation is more dangerous because users expect transparent behavior from analysis or finance tooling, and this can bypass operational controls or confuse auditing.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The file conditionally loads and executes `python_bridge.py` via `exec(compile(open(_p).read(), _p, 'exec'))`, which executes arbitrary code from a local file in the current process. In a skill/plugin context this is especially risky because any modification, replacement, or unreviewed content in that bridge file gains immediate code-execution capability with the privileges of the host process.

Missing User Warnings

High
Confidence
98% confidence
Finding
The file conditionally loads and executes `python_bridge.py` via `exec(compile(open(_p).read(), _p, 'exec'))`, which executes arbitrary code from a local file in the current process. In a skill/plugin context this is especially risky because any modification, replacement, or unreviewed content in that bridge file gains immediate code-execution capability with the privileges of the host process.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script conditionally transmits alert data to an external bridge/knowledge system without explicit user consent, clear disclosure, or any visible access-control checks in this file. Even though the payload appears limited to stock names and alert details, silent outbound synchronization creates data-governance and privacy risks and could expose trading activity or portfolio-related signals to external systems.

Missing User Warnings

High
Confidence
92% confidence
Finding
The script generates direct buy recommendations such as '强烈买入信号' from simplistic heuristics without any disclaimer, suitability checks, or risk controls. In a finance skill, this is dangerous because users may treat the output as actionable investment advice, leading to material financial harm or regulatory exposure.

Unvalidated Output Injection

High
Category
Output Handling
Content
)

    try:
        r = subprocess.run(
            ['curl.exe', '-s', url, '-L', '--max-time', '15'],
            capture_output=True, timeout=20
        )
Confidence
83% confidence
Finding
subprocess.run( ['curl.exe', '-s', url, '-L', '--max-time', '15'], capture_output

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal