Stock Monitor Pro

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed stock-alert monitor that runs locally and polls public market-data sources, with some caution needed around its persistent background mode and scraping-style data access.

Install only if you want a local stock-monitoring daemon. Edit the watchlist, costs, and thresholds before starting it, expect your monitored symbols to be sent to external finance data providers, and use ./control.sh stop when you no longer want it running. Be mindful that the data-fetching approach may conflict with provider terms if run aggressively or through proxy-based workarounds.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill describes and invokes network-capable behavior such as market data retrieval, anti-scraping session handling, and multi-source fetching, yet no permissions are declared. This creates a transparency and governance gap: users and the hosting platform cannot accurately assess or constrain outbound connectivity, which is especially risky for a background daemon that runs continuously.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The documented purpose says the skill is for A-shares and ETFs monitoring, but the analysis indicates additional capabilities including news/sentiment retrieval, fund-flow and 龙虎榜 data collection, macro correlation logic, AI-style advisory output, and London gold monitoring. This mismatch is dangerous because it hides the real operational scope, expands data collection and decision-making behavior beyond user expectations, and can enable undisclosed external access or risky financial guidance.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The code deliberately impersonates browser traffic with detailed fingerprint-like headers, randomized request timing, and fallback guidance to use a proxy/WARP when blocked. In an agent skill, this goes beyond normal API consumption and enables stealthy scraping behavior that can violate provider terms, evade rate limits, and be repurposed for abusive collection at scale.

Ssd 2

Medium
Confidence
95% confidence
Finding
The comments and implementation explicitly frame the skill as using anti-detection scraping tactics, including browser impersonation and randomized human-like timing. In skill context, that is risky because it operationalizes evasive collection patterns that can be reused for unauthorized scraping and concealment of automated access.

Ssd 2

Medium
Confidence
96% confidence
Finding
The skill includes explicit guidance to use a proxy/WARP or tune frequency when persistent blocking occurs, which is effectively operational advice for bypassing access controls. In an autonomous agent setting, such instructions increase the likelihood that the skill will be used to continue scraping after detection rather than failing safely.

VirusTotal

65/65 vendors flagged this skill as clean.
