freeStockLIneskill

Security checks across malware telemetry and agentic risk

Overview

This is a public A-share market-data lookup skill that uses disclosed free finance sources and does not show credential theft, account mutation, persistence, or destructive behavior.

Install this only if you are comfortable sending stock lookup terms and symbols to public finance data providers. Avoid using it for confidential watchlists or regulated research, and be aware it may bypass local proxy environment settings during some provider calls. Treat results as public market data, not investment advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 90%
Finding
The skill declares only a Python binary requirement, but the documentation explicitly instructs the agent to run a local Python script that performs external queries against multiple internet data sources and may access environment-derived runtime state. This permission/capability mismatch is a real security issue because users and hosting platforms are not given transparent notice that the skill can make network requests, which weakens consent, policy enforcement, auditing, and sandboxing decisions.

Vague Triggers

Medium
Confidence: 93%
Finding
The skill enables implicit invocation without defining concrete trigger boundaries, exclusions, or confirmation requirements. In this context, that can cause the agent to invoke a market-data skill automatically on loosely related finance queries, potentially overriding user intent, causing unnecessary tool use, and creating misleading responses framed as authoritative trading information without explicit consent.

Natural-Language Policy Violations

Medium
Confidence: 83%
Finding
The default prompt hard-codes a specific workflow and response style tied to Chinese A-share requests, including mandatory use of the skill and specific warning text, without checking the user's language or preference. This can bias routing and responses into a fixed locale/domain path, reducing user control and increasing the chance of irrelevant or confusing tool use when the user did not opt into that language or market context.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill sends user-supplied stock queries, symbols, and related lookup terms to multiple third-party services such as Tencent, Sina, Eastmoney, CNInfo, and others without any built-in consent flow or user-facing disclosure at the code level. This creates a real privacy and data-governance issue because sensitive research interests, watchlists, or internal investigation targets can be exposed to external providers and logged outside the user's control.

Missing User Warnings

Low
Confidence: 88%
Finding
The _quiet_call helper mutates global process environment proxy variables for the duration of a call, which can silently bypass enterprise egress controls, monitoring, or routing policies for library requests made in-process. Because environment variables are process-global, this can also create race conditions and unexpected network behavior for concurrent threads or other components running in the same agent process.

VirusTotal

65/65 vendors flagged this skill as clean.
