stock-diagnosis

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Eastmoney stock-analysis helper that sends one stock question to Eastmoney and may save the returned Markdown report locally.

Install only if you are comfortable sending stock questions to Eastmoney's service and storing successful reports locally by default. Keep EM_API_KEY private, use a revocable key where possible, and run with --no-save for queries you do not want retained on disk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding:
The skill clearly uses sensitive capabilities: it reads an environment secret (`EM_API_KEY`), performs outbound network requests to a third-party API, and can write files to disk, yet it does not declare corresponding permissions. This is dangerous because users, reviewers, and policy enforcement layers cannot accurately understand or constrain what the skill can access, which weakens least-privilege controls and makes secret exposure, unintended exfiltration, or unsafe file writes harder to prevent or audit.

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding:
The skill persists stock-analysis output to a local Markdown file by default, even though its stated purpose is to return a diagnosis report. Writing user-derived or third-party analysis data to disk expands the data exposure surface, can leave sensitive query history behind, and may violate user expectations in agent/runtime environments where tools should be side-effect minimal.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The code writes analysis responses to disk automatically without a clear user-facing warning or explicit consent. This can unexpectedly retain user prompts and generated financial analysis on the host, creating privacy, compliance, and information-disclosure risk—especially in shared or managed agent environments.

VirusTotal

67/67 vendors flagged this skill as clean.
