ClawHub

aa

Security checks across malware telemetry and agentic risk

Overview

This stock-report skill mostly matches its stated purpose, but it silently routes network traffic through a hard-coded proxy and uses broad triggers, so it should be reviewed before installing.

Install only if you are comfortable with the scripts fetching market data from Yahoo Finance and Tushare and with reviewing or removing the hard-coded proxy defaults first. For A-share analysis, provide TUSHARE_TOKEN only when needed, and avoid using the skill for unrelated financial conversations unless you intend to run it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The module mutates global HTTP_PROXY/HTTPS_PROXY environment variables at import time for the entire process, not just for its own outbound requests. In an agent environment, this can silently redirect traffic from unrelated components through an attacker-controlled or unintended proxy, enabling interception, metadata leakage, or request manipulation beyond the stock-fetching function's scope.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script sets process-wide HTTP_PROXY and HTTPS_PROXY defaults to a hard-coded proxy endpoint, which affects all outbound network traffic made by this process and imported libraries. In a stock-analysis skill that fetches external financial data, this can silently route sensitive requests through an unintended intermediary, enabling traffic inspection, tampering, reliability issues, or data exfiltration if the proxy is untrusted or compromised.

Vague Triggers

Medium
Confidence
89% confidence
Finding
Several triggers such as '分析股票', '深度报告', '股票分析', and '美股分析' are broad enough to match ordinary conversation, which can cause unintended invocation of the skill. In an agent setting, accidental activation may prompt unexpected external data access, token-dependent operations, or execution of local scripts when the user did not clearly request this tool.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal