Gangtise Database

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its financial-data purpose, but one shareholder API path can send its authorization token to an undocumented environment-chosen URL.

Install only if you trust the publisher and intend to send financial-data queries to Gangtise. Before running shareholder queries, make sure GANGTISE_DOMAIN is unset or points only to the legitimate Gangtise HTTPS service, and review/delete workspace/gangtise outputs if they contain sensitive research or business data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tainted flow: 'TOP_HOLDERS_URL' from os.getenv (line 20, credential/environment) → requests.post (network output)

Severity: Critical
Category: Data Flow
Content:
payload["fiscalYear"] = fiscal_year

    try:
        r = requests.post(TOP_HOLDERS_URL, headers=headers, json=payload, timeout=120)
        if r.status_code != 200:
            return pd.DataFrame()
        body = r.json()
Confidence: 94%
Finding:
r = requests.post(TOP_HOLDERS_URL, headers=headers, json=payload, timeout=120)

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The skill explicitly states it will call an external financial API and write structured results into the local workspace, but it does not clearly warn users that requested securities, date ranges, and returned data will leave the local environment and be persisted on disk. This can create privacy, compliance, and user-consent issues, especially if prompts or datasets contain sensitive watchlists, proprietary research targets, or regulated financial data handling requirements.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The code persists usage metadata and later query results to predictable local paths under a workspace directory without any consent check, sensitivity classification, or permission hardening. In an agent skill context, saved results can contain proprietary prompts, retrieved documents, financial data, or operational metadata that other local users/processes may access if the workspace is shared or improperly secured.

VirusTotal

65/65 vendors flagged this skill as clean.