HK IPO Orchestrator

Security checks across malware telemetry and agentic risk

Overview

This is a coherent HK IPO research and decision-support skill, but it stores local preferences and can change local scoring rules when the user runs the corresponding commands.

Install only if you are comfortable with the skill making public market-data requests and storing local HK IPO profile, watchlist, scoring, and review-history files. Treat scores as research support, not financial advice; review imported suggestions carefully before accepting them, and keep profile/config files out of shared folders and version control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill metadata declares no explicit permissions, yet the capability set implies environment access, filesystem read/write, and network use. That mismatch is dangerous because users and enforcement layers may treat the skill as low-privilege while it can access local config/database files and communicate with external services, increasing the chance of unintended data exposure or side effects.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The declared role is a simple orchestrator, but the behavior described by analysis includes broad direct scraping, standalone CLI functionality, local persistence, exports, and mutation workflows. This is dangerous because consumers may invoke the skill expecting routing only, while it can independently collect external data, modify local state, and generate artifacts, expanding attack surface and hiding privileged operations behind an innocuous description.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The CLI and formatted output explicitly state the estimates are based on a 'TradeSmart' algorithm, but the implementation shown is a custom heuristic using hard-coded coefficients and comments indicating fitted historical parameters. This is a provenance/integrity issue: users may place unwarranted trust in the results, make financial decisions based on misrepresented methodology, or incorrectly assume external validation or vendor backing that does not exist.

Description-Behavior Mismatch

High
Confidence
94% confidence
Finding
The review service is described and structured as a persistence/export workflow, but accepting a suggestion can directly create and activate a new ParameterSet, changing live scoring behavior. This mixes review-plane and control-plane responsibilities, so any imported suggestion that passes validation can alter production scoring rules, increasing the blast radius of compromised suggestion files, operator mistakes, or insufficient authorization checks elsewhere.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The content explicitly describes leveraged IPO subscription and notes that aggressive participants may use financing and multiple accounts, but it does not include clear warnings that financing can amplify losses/costs and that multi-account participation may violate broker, exchange, or legal rules. In an orchestration skill for end-to-end HK IPO decision support, this can normalize risky or potentially non-compliant behavior and lead users toward harmful financial or regulatory outcomes.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The profile workflow handles sensitive personal financial data such as capital, risk tolerance, margin preference, and broker choice, and reveals a concrete local storage path without any explicit privacy warning, permission guidance, or secure-storage controls. In an agent skill context, this is more dangerous because downstream agents or users may follow the emitted instruction to persist sensitive data in plaintext YAML, increasing the chance of unintended local disclosure through weak file permissions, backups, logs, or repository inclusion.

VirusTotal

67/67 vendors flagged this skill as clean.