Stock Tracker Pro

Security checks across malware telemetry and agentic risk

Overview

This is a coherent stock watchlist and quote tool, but users should know that news lookups run through a separate local Tavily search helper.

Install only if you are comfortable with Yahoo Finance and the separate Tavily/search helper receiving the stock symbols or company names you query. Review the openclaw-tavily-search skill separately for its own behavior, and be aware that the local watchlist is stored in the skill directory as JSON.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (7)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
# Try to find tavily script in workspace
tavily_script = "/home/frank/.openclaw/workspace/skills/openclaw-tavily-search/scripts/tavily_search.py"

# Spawns a second interpreter running the separate search skill and hands it the user's query
result = subprocess.run(
    ["python3", tavily_script, "--query", query, "--max-results", "3", "--format", "brave"],
    capture_output=True,
    text=True,
)
Confidence
90% confidence
Finding
result = subprocess.run( ["python3", tavily_script, "--query", query, "--max-results", "3", "--format", "brave"], capture_output=True, text=True,

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill exposes file read/write, network, and shell-capable operations in its documented commands, but declares no permissions. This weakens user and platform visibility into what the skill can do, making it easier for higher-risk behavior to run without informed consent or policy gating.

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
The declared purpose is stock tracking via Yahoo Finance, but the skill also retrieves and displays news and appears to call an external Tavily search component/service. This behavior expansion is security-relevant because it introduces undisclosed third-party network egress and data flows beyond the user's reasonable expectation from the description.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill description says it uses Yahoo Finance for stock data, but the code also sends company and ticker queries to a separate Tavily-based search script. This undisclosed data flow violates least surprise and can expose user interest patterns or monitored symbols to a third-party service not mentioned in the declared behavior.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
Spawning a subprocess to execute another workspace script gives the skill a broader execution capability than needed for retrieving stock quotes. In an agent environment, this is more dangerous because the called script can change independently and may perform network access, file access, or other side effects outside the user's expected stock-query action.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The trigger examples include broad natural-language phrases like asking how a stock is doing, which can overlap with ordinary conversation. Ambiguous triggering can cause unintended execution of file/network actions, especially in an agent environment where users may not realize they are invoking a skill.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
Although the skill mentions showing news, it does not clearly warn that this requires outbound requests to external services. Users may unknowingly trigger network access and third-party data sharing when they believe they are only querying local stock information.

VirusTotal

VirusTotal findings are pending for this skill version.
