stock

Security checks across malware telemetry and agentic risk

Overview

This financial-data skill does what it says, but it publishes and tells agents to use a shared fallback API key for external financial API requests.

Install only if you trust the external financial API and are comfortable sending your financial queries to it. Configure your own MX_APIKEY through a secure environment or secret store, do not rely on the bundled default key, and avoid including private account, portfolio, trading-plan, or confidential research details in prompts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding
The skill instructs the agent to use a hard-coded default API key if no MX_APIKEY environment variable is present. Embedding fallback credentials in distributable skill content creates unauthorized or uncontrolled third-party API access, makes the key effectively public, and can lead to abuse, quota exhaustion, billing exposure, or downstream service blocking. In this context, the risk is increased because the skill is explicitly designed to perform live external queries, so the credential is immediately actionable rather than inert documentation.

Context-Inappropriate Capability

Medium
Confidence: 99%
Finding
The documentation explicitly provides a hardcoded default API key for a third-party service, which encourages use of shared embedded credentials instead of per-user secrets. This can lead to unauthorized API usage, quota theft, inability to attribute activity, and accidental exposure or misuse of a credential that should be managed securely.

Missing User Warnings

Medium
Confidence: 97%
Finding
The document embeds a default API key and instructs users to fall back to it if no environment variable is present. Publishing reusable credentials in skill documentation enables unauthorized use, quota exhaustion, billing abuse, and makes it easy for downstream agents or users to exfiltrate sensitive queries to the third-party service without proper account isolation.

Vague Triggers

Medium
Confidence: 88%
Finding
The skill allows broad natural-language financial queries without defining clear scope limits, prohibited query classes, or safeguards for sensitive/high-volume requests. In an agent setting, this can trigger unintended external lookups, excessive data retrieval, or processing of user input that may include sensitive information, increasing the chance of misuse or privacy issues.

Missing User Warnings

Medium
Confidence: 96%
Finding
The document instructs the agent to read an API key from the environment and send both that credential and the user's query to an external service, but it does not clearly disclose the data exfiltration risk or require user consent. The inclusion of a default sample API key further normalizes outbound authenticated requests and could lead to unauthorized use, credential misuse, or transmission of sensitive financial prompts to a third party.

Vague Triggers

Medium
Confidence: 87%
Finding
The skill is defined broadly enough to activate for a wide range of generic finance questions, including market commentary, policy interpretation, and event analysis, without clear trigger boundaries or safety gating. In an agent setting, this can cause over-invocation of external search, unnecessary disclosure of user financial interests to a third-party API, and unreliable tool selection for queries that may not require external retrieval.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill sends user-supplied queries and an API credential to an external endpoint but does not warn about third-party data transfer, retention, or handling. In a financial-information context, queries may contain sensitive investment interests, internal research topics, or other confidential information, so silent transmission creates privacy and compliance risk.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly instructs the agent to read an API key from the environment and, if unavailable, to use a hard-coded default example key. This normalizes unsafe credential handling and can lead to unauthorized use of a shared key, accidental credential exposure in logs or prompts, and use of secrets without explicit user consent.

Ssd 3

Medium
Confidence: 96%
Finding
The output instructions require echoing the full user query in every response, which can unnecessarily reproduce sensitive user-provided information in logs, transcripts, shared chats, or downstream systems. In financial workflows, user queries may include proprietary interests, account-related context, or confidential research topics, increasing leakage risk.

VirusTotal

66/66 vendors flagged this skill as clean.