Csi Stock Analyzer

Security checks across malware telemetry and agentic risk

Overview

This stock-analysis skill is not visibly malicious, but it can generate investment ratings and buy/sell guidance from simulated or hard-coded data while advertising real-time, stock-specific analysis.

Review before installing or using. Treat this as a demo-quality analyzer unless you replace and verify the market, financial, and holder data sources; do not rely on its buy/sell ratings or confidence scores for real investment decisions. Use a virtual environment, pin dependencies, use a dedicated Tavily key if enabling news search, and disable news/report saving if you do not want company queries or local analysis records retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (20)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill advertises and appears to use network access, local file writes, and possibly environment access, but no explicit permissions are declared in the skill manifest/documentation. This creates a transparency and policy-enforcement gap: a host may invoke the skill without understanding its capability footprint, increasing the risk of unintended data access, persistence, or exfiltration.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The documented behavior says the skill provides market data, technical indicators, caching, and sentiment analysis, but the detected behavior extends into financial statement scoring, shareholder/institution/management-position analysis, buy/sell recommendation generation, and independent scraping from multiple third-party sources. This mismatch is dangerous because users and platforms may grant trust or permissions based on a narrower description than what the skill actually does, masking expanded data collection and decision-making behavior.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The module-level docstring claims the component retrieves stock, news, and financial data from public sources, but multiple core methods actually return simulated or hard-coded data. In an investment-analysis skill, this is dangerous because downstream agents or users may rely on fabricated outputs as if they were real market data, leading to materially incorrect financial decisions.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
`get_historical_data` claims to fetch historical market data but generates random OHLCV values using NumPy. Because technical indicators and trading signals are computed from this data, the function creates deceptive stock-analysis output that appears legitimate but is entirely synthetic.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
`get_financial_report` documents company financial statement retrieval but returns fixed placeholder metrics unrelated to the requested stock. In a financial-analysis skill, presenting hard-coded financials as retrieved company data can mislead automated decisions, recommendations, or user trust in the system.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The skill advertises real-time market analysis and technical signals, yet its technical analysis pipeline depends on random synthetic price series rather than actual market data. In the context of stock trading and buy/sell timing, this materially increases the danger because users may act on fabricated MACD/KDJ/RSI/EMA signals as if they were genuine, causing direct financial harm.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The financial-report and holder-change methods return generic mock data that is not specific to the requested stock, despite the skill positioning itself as stock-specific analysis. This is dangerous because it can create a false impression of issuer-specific due diligence and distort investment judgments based on fabricated ownership and financial conditions.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The code transmits the company name query and API key to Tavily without any visible user-facing disclosure or consent mechanism in this module. While external lookup is expected for news search, the privacy risk remains because user-provided company interests and search activity are shared with a third party, and the API key is included in the request body.

Unpinned Dependencies

Low
Category
Supply Chain
Content
# CSI 2000 stock analyzer dependencies

# Data processing
pandas>=2.0.0
numpy>=1.24.0

# Network requests
Confidence
91% confidence
Finding
pandas>=2.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Data processing
pandas>=2.0.0
numpy>=1.24.0

# Network requests
requests>=2.28.0
Confidence
91% confidence
Finding
numpy>=1.24.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
numpy>=1.24.0

# Network requests
requests>=2.28.0

# Data parsing
beautifulsoup4>=4.11.0
Confidence
95% confidence
Finding
requests>=2.28.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0

# Data parsing
beautifulsoup4>=4.11.0
lxml>=4.9.0

# Optional data sources
Confidence
90% confidence
Finding
beautifulsoup4>=4.11.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Data parsing
beautifulsoup4>=4.11.0
lxml>=4.9.0

# Optional data sources
# tushare>=1.2.89
Confidence
93% confidence
Finding
lxml>=4.9.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# seaborn>=0.12.0

# Utility libraries
pyyaml>=6.0
python-dotenv>=1.0.0
Confidence
96% confidence
Finding
pyyaml>=6.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Utility libraries
pyyaml>=6.0
python-dotenv>=1.0.0
Confidence
88% confidence
Finding
python-dotenv>=1.0.0

Known Vulnerable Dependency: numpy — 10 advisory(ies): CVE-2014-1859 (Numpy arbitrary file write via symlink attack); CVE-2021-41495 (NumPy NULL Pointer Dereference); CVE-2021-33430 (NumPy Buffer Overflow (Disputed)) +7 more

Critical
Category
Supply Chain
Confidence
75% confidence
Finding
numpy

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
86% confidence
Finding
requests

Known Vulnerable Dependency: lxml — 10 advisory(ies): CVE-2021-43818 (lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through); CVE-2014-3146 (lxml Cross-site Scripting Via Control Characters); CVE-2021-28957 (lxml vulnerable to Cross-Site Scripting ) +7 more

High
Category
Supply Chain
Confidence
82% confidence
Finding
lxml

Known Vulnerable Dependency: pyyaml — 8 advisory(ies): CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more

Critical
Category
Supply Chain
Confidence
90% confidence
Finding
pyyaml

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
70% confidence
Finding
python-dotenv

VirusTotal

64/64 vendors flagged this skill as clean.
