Taiwan Fund

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Taiwan mutual-fund lookup tool that fetches public financial data and keeps a limited local TDCC cache.

Install if you are comfortable with the skill sending fund codes, fund names, symbols, and exchange-rate requests to public financial-data services and storing a TDCC NAV cache under ~/.openclaw/cache/taiwan-fund/. Treat the outputs as informational financial data, not investment advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 91% confidence
Finding: The skill performs network access and local cache/file writes but does not declare those capabilities. Undeclared side effects reduce transparency and can bypass a user's expectation of a read-only informational skill, especially because it writes cache files and depends on multiple remote endpoints.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 95% confidence
Finding: The declared description understates the actual behavior: the skill also downloads TDCC data, queries Yahoo Finance and exchange-rate services, reads/manages a local watchlist, and generates helper outputs not reflected in the metadata. This mismatch is dangerous because users and policy layers may approve the skill under narrower assumptions than its real execution behavior.

Missing User Warnings

Low

Confidence: 84% confidence
Finding: The skill contacts several third-party services and writes local cache files, but the description does not clearly warn users about external network requests or local persistence. While not directly exploitable on its own, this lack of disclosure can lead to privacy and trust issues if users provide sensitive fund identifiers, usage patterns, or assume no local artifacts are created.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal