A Share Trader

Security checks across malware telemetry and agentic risk

Overview

This looks like a trading-framework prototype, but it asks for trading authority while many decisions are based on simulated random data and a misleading live mode.

Treat this as a prototype for local simulation only. Do not install or run it with real brokerage access or rely on its buy/sell signals for financial decisions unless mock data paths are removed or clearly gated, live mode is disabled or backed by a real broker adapter, and every real-money action requires explicit user confirmation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (15)

Intent-Code Divergence

Severity: High
Confidence: 90%
Finding:
The code advertises a `live` mode for real trading, but `_execute_trades()` never submits actual market orders and instead marks trades as `EXECUTED` whenever mode is not `backtest`. In a financial trading skill, this mismatch is dangerous because operators may believe risk controls, order routing, or market actions are occurring when they are not, leading to false situational awareness and unmanaged financial exposure.

Intent-Code Divergence

Severity: Medium
Confidence: 96%
Finding:
The engine claims to compute A-share market indicators, but two key components that influence sentiment and market-state recognition are generated with random values instead of being derived from input market data. In a trading skill, this can directly distort strategy weights, parameter adjustments, and risk settings, causing unsafe or misleading automated decisions under the appearance of quantitative rigor.

Intent-Code Divergence

Severity: Medium
Confidence: 98%
Finding:
The module is documented as an A-share data interface, but it generates fabricated market, fundamental, and technical data using random values rather than retrieving real data. In a trading skill, this is dangerous because downstream strategy, risk, and execution components may treat synthetic data as real market inputs, leading to materially incorrect investment decisions and potential financial loss.

Intent-Code Divergence

Severity: Low
Confidence: 94%
Finding:
The constructor advertises configurable external data sources such as xtquant, tushare, and baostock, but the implementation never uses them. This creates a deceptive trust boundary: operators may believe approved providers are in use when the system is actually inventing data, which increases the risk of silent misuse in trading workflows.

Intent-Code Divergence

Severity: High
Confidence: 98%
Finding:
The module is presented as a real A-share data interface, but multiple primary code paths silently fall back to randomly generated mock data. In a trading skill, this can mislead downstream strategy, risk, or execution components into acting on fabricated market inputs, creating financial-loss and integrity risks without obvious operator awareness.

Intent-Code Divergence

Severity: Medium
Confidence: 97%
Finding:
The tushare method is documented as retrieving tushare data but, in practice, always returns mock data. This is dangerous because callers may believe they are receiving authenticated live/provider data and make analysis or trading decisions based on fabricated values.

Intent-Code Divergence

Severity: Medium
Confidence: 97%
Finding:
The strategy documentation claims to use real CSI1000 constituents, but `_get_index_constituents()` randomly samples symbols instead of querying an authoritative index membership source. In a live trading context this can cause the system to trade securities outside the declared universe, undermining strategy integrity, auditability, and risk controls.

Intent-Code Divergence

Severity: Medium
Confidence: 98%
Finding:
The docstring states stock selection is based on chip concentration, but `_extract_fundamental_from_market()` fabricates `chip_concentration_90` values with `random.uniform()` whenever fundamental data is missing. This makes selection decisions effectively arbitrary while presenting them as data-driven, which is especially dangerous in an automated trading skill because it can trigger unjustified buy/sell actions and conceal data quality failures.

Intent-Code Divergence

Severity: Medium
Confidence: 98%
Finding:
When `fundamental_data` is absent, the strategy silently fabricates key screening inputs such as profit growth, `profit_ttm`, ST/suspension status, and warnings using random values. In a trading system, this can cause materially false buy/sell decisions while appearing to enforce real-world risk and compliance filters, making the behavior dangerous and misleading rather than merely a harmless fallback.

Intent-Code Divergence

Severity: Medium
Confidence: 97%
Finding:
The strategy claims to rank stocks using price relative to MA250, but if technical data is missing it generates a random synthetic MA250 and uses that to compute oversold ratios. This undermines the core signal generation logic and can produce arbitrary trades, especially because the random fallback is intentionally biased to make securities look oversold.

Intent-Code Divergence

Severity: Medium
Confidence: 97%
Finding:
The method `_extract_fundamental_from_market` claims to derive fundamentals from market data, but instead fabricates core trading inputs such as market cap, PE, EPS growth, listing days, ST status, and suspension state using `random`. In a live trading skill, this can cause arbitrary stock selection and trading decisions based on false data, defeating strategy constraints and potentially triggering significant financial loss or compliance issues.

Intent-Code Divergence

Severity: Medium
Confidence: 96%
Finding:
The strategy docstring promises deterministic screening using real social-security top-shareholder data, but the implementation later substitutes random values when required data is absent. In a trading skill, this creates hidden nondeterministic behavior that can produce arbitrary stock selection and misleading backtest or live-trading outcomes.

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding:
The code comments and strategy description indicate ranking by holding ratio, but `_sort_stocks` may use random placeholder values when `holding_ratio` is unavailable. This makes portfolio construction unpredictable and inconsistent with the stated strategy, which is especially risky in an automated trading context where users may trust the ranking logic for real capital allocation.

Intent-Code Divergence

Severity: Medium
Confidence: 97%
Finding:
The strategy claims to generate KDJ-based trading signals, but when technical data is missing it substitutes randomly fabricated KDJ values and then emits BUY/SELL decisions from them. In a live or automated trading context, this can cause arbitrary trades, hidden model-risk, and financial loss because the system behaves unpredictably while appearing to operate on legitimate indicators.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding:
The invocation examples are very broad ('run the trading framework', 'execute strategy backtest') and do not constrain whether actions are analysis-only, simulation-only, or capable of placing live trades. In a trading skill with stated transaction permissions, ambiguous activation can cause an agent or user to trigger sensitive financial actions without adequate confirmation or scope checks.

VirusTotal

55/55 vendors flagged this skill as clean.