ClawHub

Daily Market Report

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a stock-reporting tool, but it includes an undisclosed Finnhub script with a hardcoded API key and a runtime package install fallback.

Review this skill before installing. The main report script appears coherent, but the package includes an extra Finnhub script with a hardcoded credential and the documentation says no API key is required. Install only if you are comfortable with finance tickers being sent to third-party services, and prefer a version that removes the embedded key, documents all outbound providers, and avoids installing packages at runtime.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
except ImportError:
    print("Installing yfinance...")
    import subprocess
    subprocess.check_call([sys.executable, "-m", "pip", "install", "yfinance", "-q"])
    import yfinance as yf

# 用户持仓:只有 BMI 和 PDD
Confidence
93% confidence
Finding
subprocess.check_call([sys.executable, "-m", "pip", "install", "yfinance", "-q"])

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Installing yfinance dynamically via pip during execution is not necessary for the skill's runtime behavior and expands the attack surface beyond stock data retrieval. This creates a supply-chain exposure and allows the script to alter the host environment in ways that are disproportionate to its stated purpose.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The skill processes user portfolio holdings and queries remote finance services, but the documentation does not clearly warn that ticker selections and possibly portfolio composition are transmitted to Yahoo Finance via yfinance. This is a privacy transparency issue: while not inherently malicious, lack of disclosure can cause unintended sharing of sensitive investment interests.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
A hardcoded API credential in source code is a real secret-exposure vulnerability because anyone with repository or package access can reuse the token for unauthorized API calls, quota exhaustion, or account abuse. In this skill context, the danger is increased because the script automatically performs outbound requests using that embedded credential, confirming the secret is live and operationally relevant.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal