equity-research-analyst-skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent equity-research skill, but it needs Review because it can influence investment actions, modify financial files, store portfolio thesis data, and ingest untrusted trading-community content without enough user-control safeguards.

Install only if you are comfortable giving the agent a RapidAPI key, making third-party market-data calls, and letting it create or update local research files. Use a dedicated workspace, keep backups of any models, require confirmation before overwrites or ZIP extraction, avoid storing sensitive portfolio thesis data unless you intend to, and treat generated ratings, price targets, and TradingView community ideas as untrusted research inputs rather than financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (19)

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding
The Idea Details example exposes social/profile metadata and direct links to promotional channels that are unrelated to core equity-research functionality. In an agent skill that may ingest and summarize third-party content, this creates a pathway for affiliate marketing, off-platform contact solicitation, and prompt contamination from untrusted user-generated metadata.

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding
Including social-follow and user-signature metadata broadens the trust boundary from market data into user promotion and broker/affiliate content. In the context of an equity research skill, this is dangerous because the agent could surface or prioritize promotional text as if it were research, enabling spam, undisclosed solicitation, or conflicted recommendations.

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding
The spec exposes MCP JWT token generation and MCP connection bootstrap material, which materially expands the skill surface beyond institutional equity research. In an agent-skill context, this can enable unauthorized capability escalation or persistent external connectivity unrelated to the user’s research request, increasing abuse and secret-handling risk.

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding
Generic JWT generation for WebSocket/SSE access creates a reusable authentication primitive that is broader than necessary for equity research report generation. In a tool-consuming agent, such token minting can be abused to establish new sessions or streams and broaden data access in ways the user did not request.

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding
SSE streaming introduces persistent real-time data flow, which is a materially stronger capability than one-shot research lookups. In this skill context, persistent streams can facilitate uncontrolled data ingestion, increased cost, covert exfiltration channels, or long-lived sessions that bypass the expected bounded research workflow.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The workflow explicitly instructs the agent to gather executive information from LinkedIn and write detailed biographies, but it provides no privacy, minimization, or source-handling safeguards. In an agent setting, this can normalize unnecessary collection and synthesis of personal profile data beyond what is needed for equity research, increasing privacy and compliance risk, especially if private-company subjects or non-material personal details are included.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The workflow explicitly directs the agent to extract a ZIP archive into a working directory and generate a DOCX output file, but it does not require user awareness, confirmation, or any guardrails around filesystem writes. In an agent setting, silent archive extraction and file creation can modify the workspace unexpectedly, overwrite existing files, or expand attacker-controlled archive contents into unintended locations if path handling is unsafe.

Missing User Warnings

Severity: Low
Confidence: 90%
Finding
The documentation explicitly states live requests are enabled and includes example commands that send data to an external RapidAPI endpoint using an API key header, but it provides no warning about network transmission, third-party data exposure, or credential handling. In a skill context, users or downstream agents may copy and run these examples directly, causing unintended external calls and possible key misuse.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The file showcases large volumes of signal-like trading content and directional recommendations without a consistent warning that the material is user-generated, may be unreliable, and is not investment advice. In an institutional-style equity research skill, this increases the risk that speculative crowd content is repackaged as vetted research, creating compliance, suitability, and user-harm concerns.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The workflow defines trigger phrases including broad, everyday language such as "upcoming events" and "what's coming up," which can match many unrelated user requests. In an agent system, overly broad activation can cause unintended invocation of this skill, leading to context confusion, incorrect tool usage, or accidental disclosure of market-analysis outputs when the user did not intend to request equity research support.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The trigger list includes broad phrases like 'find ideas', 'what looks interesting', and 'new ideas', which can match ordinary market discussion requests and invoke the workflow in situations the user may not intend. In an investment-research skill, accidental activation is risky because it can shift a general informational conversation into actionable stock screening and idea generation without appropriate framing or suitability checks.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The workflow is designed to surface long and short investment ideas, rank candidates, and prioritize names for further research, but it does not require any user-facing warning that the output is informational and not personalized financial advice. This increases the chance that users treat the results as actionable investment recommendations, especially given the institutional-style framing and explicit long/short presentation format.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The workflow directs the agent to create, modify, and save multiple local artifacts, including editing an existing Excel file and writing a DOCX report, without requiring explicit user confirmation for filesystem writes or overwrite behavior. In an agent environment, this can lead to unintended file modification, overwriting prior work, or writing to sensitive locations if paths are inferred or reused unsafely.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The trigger list is broad enough to overlap with ordinary finance and research requests, which can cause this workflow to activate when the user did not explicitly intend a model-update action. In a skill that may consume external data sources and potentially alter provided models or outputs, unintended invocation can lead to unnecessary data pulls, incorrect workflow selection, and downstream modification of user work product.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The workflow states that it will produce an updated Excel model if the user provides one, but it does not clearly warn that user-supplied files may be modified or require explicit consent before alteration. In practice, this can create integrity and user-expectation risks, including silent overwrites, unintended edits to source files, or confusion about whether outputs are derived copies versus direct modifications.

Vague Triggers

Severity: Medium
Confidence: 94%
Finding
The trigger list includes broad natural-language phrases such as "what happened overnight" and "trade idea," which can cause the skill to activate outside its intended institutional-equity-research context. Over-broad activation increases the chance of unintended routing, causing the agent to apply this workflow to ambiguous user requests and potentially generate financial-analysis outputs in inappropriate contexts.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The trigger phrase "review my positions" is broad enough to activate this workflow for generic portfolio conversations that may not specifically request thesis tracking. In a financial context, that can cause the agent to pivot into maintaining or updating persistent thesis records and handling sensitive portfolio details without sufficiently clear user intent.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The workflow explicitly says thesis data should be stored in structured form and referenced across sessions, but it does not warn the user that portfolio-related information may persist. Because portfolio holdings, conviction, stop-losses, and thesis notes are sensitive financial data, silent persistence increases privacy and confidentiality risk.

Ssd 3

Severity: Medium
Confidence: 96%
Finding
The promotional signature explicitly solicits users to make private contact for trading signals, which is a classic off-platform conversion pattern. If surfaced by the agent, this could facilitate scams, undisclosed paid signal services, and evasion of platform safety controls, making it more severe than generic social metadata.

VirusTotal

65/65 vendors flagged this skill as clean.