StockEarning

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed StockEarning portfolio assistant that uses an API key to query and update remote portfolio records, with sensitive write actions described and gated by user confirmation instructions.

Install only if you intend to use StockEarning.cn as the remote system of record for your portfolio. Use a dedicated API key, keep the local env file private, review any confirmation checklist before approving trade or position changes, and be aware that trade and portfolio details are sent to mystockearning.cn.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium
Confidence: 80%
Finding
The script performs a high-impact state-changing operation by constructing trade data and issuing a POST to /api/trades/ using entirely environment-supplied values, but there is no in-script authorization gate, confirmation step, or policy check. In an agent-skill context, undisclosed write actions are dangerous because they can be triggered by prompts or workflows that the user may not understand as causing persistent financial record changes.

Missing User Warnings

Medium
Confidence: 87%
Finding
The documentation instructs users to configure an API key but does not clearly warn that the credential will be sent to a third-party remote service on each request. That omission can cause users to expose sensitive credentials without informed consent, especially if they assume the key is only used locally.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill advertises transaction recording and position management but does not prominently warn that these actions can modify remote portfolio and trade records. In a financial context, unclear disclosure is especially risky because accidental or misunderstood actions can create false records, distort holdings, and affect downstream decisions.

Vague Triggers

Medium
Confidence: 86%
Finding
The command triggers are generic and high-level (for example, "secn", "market-data", and "trade-execution") without visible scope constraints, qualifying context, or exclusion guidance. In an agent/plugin ecosystem, broad trigger names increase the chance of unintended invocation or prompt routing into sensitive finance-related skills, especially one that may access portfolio data or execute trades using a required API key.

Vague Triggers

Medium
Confidence: 95%
Finding
The manifest description '主入口:包含查询持仓、行情、记账所有功能。' is broad enough to match many generic investing-related requests, increasing the chance this skill is invoked in situations where the user did not explicitly intend portfolio access or transaction-related actions. In this skill's context, that over-breadth is more dangerous because the skill is not read-only: it includes write-capable trade creation, broker seeding, and position adjustment flows, so accidental or overly eager invocation could expose sensitive financial data or steer the agent toward high-impact operations.

Vague Triggers

Medium
Confidence: 88%
Finding
The invocation example is broad enough to trigger on ordinary natural-language statements about trades, which can cause the skill to activate in contexts where the user is describing, discussing, or simulating a transaction rather than explicitly authorizing one. In this skill, activation can lead to position checks, broker setup, fee calculation, and eventually creation of a trade record, so ambiguous triggering materially increases the risk of unintended state-changing financial actions.

Missing User Warnings

Medium
Confidence: 85%
Finding
The script transmits user-supplied trade details to a remote API endpoint without any user-facing warning, consent prompt, or visibility into where the data is being sent. In a skill/plugin ecosystem, silent exfiltration or remote submission of financial data is risky because users may believe the action is local formatting or analysis when it actually persists sensitive portfolio information remotely.

VirusTotal

63/63 vendors flagged this skill as clean.
