Financial Ai Agent

Security checks across malware telemetry and agentic risk

Overview

This is a coherent market-data lookup skill, but it asks the agent to save a financial API key by editing the main OpenClaw config file with weak safeguards.

Use the quote lookup only if you are comfortable sending requested symbols and an API key to api.financialagent.cc. Before letting the agent save a custom key, back up ~/.openclaw/openclaw.json, use a dedicated low-privilege key, and avoid the documented jq command unless you confirm it will not overwrite other custom settings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The skill’s stated purpose is querying market data, but it also instructs the agent to modify the user’s local OpenClaw configuration to persist credentials. That expands the skill from a read-only network client into one that performs local state changes involving secrets, which creates unnecessary risk if the key is mishandled, overwritten, or later exfiltrated.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The documented behavior includes reading and writing a local credential in ~/.openclaw/openclaw.json even though financial quote lookup only requires sending a symbol to a remote API. This is dangerous because it grants the skill unnecessary access to local sensitive configuration and normalizes secret persistence in a file path unrelated to the user’s immediate request.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill tells users to place an API key into a local config file and later read it back, but it provides no meaningful guidance on secret handling, file permissions, rotation, or avoiding accidental disclosure. Credentials stored this way may be exposed through logs, backups, shell history, or overbroad file access by other tools.

VirusTotal

66/66 vendors flagged this skill as clean.
