A-Share Review and Analyse

Security checks across malware telemetry and agentic risk

Overview

This skill does the advertised stock-report workflow, including AI analysis and optional publishing, with no evidence of hidden exfiltration or destructive behavior.

Install only if you intend to let this skill fetch market data, call Gemini when a key is configured, write local report/blog files, and create WeChat drafts when WeChat is enabled. Review config.yaml platforms and keep .env files in trusted locations before running.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (19)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill describes capabilities to read environment/config files, write output files, and send network requests, but it does not declare permissions or present clear consent boundaries for those actions. This creates a mismatch between apparent functionality and stated privileges, increasing the chance that an agent executes sensitive file, credential, or network operations without explicit user awareness.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs publishing to Hugo and WeChat and describes external API usage and file creation, but it does not require an explicit warning or confirmation that local content will be written and potentially transmitted to third parties. In a publishing workflow, this can lead to unintended disclosure of generated analysis, metadata, or user-provided content.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill explicitly instructs the agent to publish generated content to Hugo and WeChat, which are write and external-publication actions, but it does not require an explicit user confirmation immediately before those actions occur. This creates a safety gap where an agent could automatically write files or publish drafts containing sensitive, incorrect, or unintended content.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
If no configuration file is found, the code silently creates one on disk in a common project location. This changes the filesystem state without explicit user consent and can normalize insecure defaults or unexpected behavior in automated environments, especially when later execution may publish content externally based on that config.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code can publish generated content to Hugo and WeChat directly during normal execution based only on configuration, with no explicit runtime confirmation or user-facing disclosure at the action site. In an agent or automation context, this creates a real risk of unintended external publication, data leakage, reputational damage, or abuse if upstream inputs are manipulated.

Credential Access

High
Category
Privilege Escalation
Content
1. Check if config.yaml exists: `{baseDir}/stock-review/config.yaml`

2. Check if .env file exists and is configured with `GEMINI_API_KEY`, `WECHAT_APP_ID`, `WECHAT_APP_SECRET`: `{baseDir}/stock-review/.env`


**config.yaml supports**: Default publishing platforms | Whether to skip AI analysis by default | Default data backtracking days | Default request delay | Default retry count | API key configuration
Confidence
95% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
**config.yaml supports**: Default publishing platforms | Whether to skip AI analysis by default | Default data backtracking days | Default request delay | Default retry count | API key configuration
**.env supports**: API key configuration

**Minimum supported keys** (case-insensitive, accepts `1/0` or `true/false`):
Confidence
94% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
        url = f"https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid={app_id}&secret={app_secret}"

        try:
            self.logger.info("Requesting WeChat access token...")
            response = requests.get(url, timeout=10)
            result = response.json()
Confidence
93% confidence
Finding
access token

Unpinned Dependencies

Low
Category
Supply Chain
Content
akshare>=1.18.0
google-genai>=1.63.0
pandas>=2.0.0
tabulate>=0.9.0
Confidence
93% confidence
Finding
akshare>=1.18.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
akshare>=1.18.0
google-genai>=1.63.0
pandas>=2.0.0
tabulate>=0.9.0
croniter>=6.0.0
Confidence
93% confidence
Finding
google-genai>=1.63.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
akshare>=1.18.0
google-genai>=1.63.0
pandas>=2.0.0
tabulate>=0.9.0
croniter>=6.0.0
google-generativeai>=0.8.0
Confidence
93% confidence
Finding
pandas>=2.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
akshare>=1.18.0
google-genai>=1.63.0
pandas>=2.0.0
tabulate>=0.9.0
croniter>=6.0.0
google-generativeai>=0.8.0
markdown>=3.10.0
Confidence
90% confidence
Finding
tabulate>=0.9.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
google-genai>=1.63.0
pandas>=2.0.0
tabulate>=0.9.0
croniter>=6.0.0
google-generativeai>=0.8.0
markdown>=3.10.0
python-dotenv>=1.1.0
Confidence
90% confidence
Finding
croniter>=6.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
pandas>=2.0.0
tabulate>=0.9.0
croniter>=6.0.0
google-generativeai>=0.8.0
markdown>=3.10.0
python-dotenv>=1.1.0
pytz>=2025.2
Confidence
93% confidence
Finding
google-generativeai>=0.8.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
tabulate>=0.9.0
croniter>=6.0.0
google-generativeai>=0.8.0
markdown>=3.10.0
python-dotenv>=1.1.0
pytz>=2025.2
requests>=2.32.5
Confidence
94% confidence
Finding
markdown>=3.10.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
croniter>=6.0.0
google-generativeai>=0.8.0
markdown>=3.10.0
python-dotenv>=1.1.0
pytz>=2025.2
requests>=2.32.5
PyYAML>=6.0.0
Confidence
90% confidence
Finding
python-dotenv>=1.1.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
google-generativeai>=0.8.0
markdown>=3.10.0
python-dotenv>=1.1.0
pytz>=2025.2
requests>=2.32.5
PyYAML>=6.0.0
Confidence
88% confidence
Finding
pytz>=2025.2

Unpinned Dependencies

Low
Category
Supply Chain
Content
markdown>=3.10.0
python-dotenv>=1.1.0
pytz>=2025.2
requests>=2.32.5
PyYAML>=6.0.0
Confidence
94% confidence
Finding
requests>=2.32.5

Unpinned Dependencies

Low
Category
Supply Chain
Content
python-dotenv>=1.1.0
pytz>=2025.2
requests>=2.32.5
PyYAML>=6.0.0
Confidence
95% confidence
Finding
PyYAML>=6.0.0

VirusTotal

65/65 vendors flagged this skill as clean.
