持仓诊断分析 (Holdings Diagnostic Analysis)

Security checks across malware telemetry and agentic risk

Overview

This stock-analysis skill is broadly aligned with its stated purpose, but it runs Python from a hard-coded external workspace and handles portfolio data with too little scoping or disclosure.

Review before installing. Use only in a private, trusted workspace, and do not run it if untrusted users or tools can edit the referenced _holdings_std.py or external workspace modules. Expect it to send stock symbols to Tencent market-data endpoints and to save portfolio analysis locally. A safer version would use JSON/CSV holdings input, package or pin its dependencies, avoid external sys.path precedence, and clearly disclose stored and transmitted financial data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

exec() call detected

High
Category
Dangerous Code Execution
Content
# ─── Holdings data (sole data source: scripts/_holdings_std.py) ───────────────
_std = os.path.join(_WORKSPACE, 'scripts', '_holdings_std.py')
_h = {}
exec(open(_std, encoding='utf-8').read(), _h)
HOLDINGS = _h.get('HOLDINGS', [])

# ─── External modules ─────────────────────────────────────────────────────────
Confidence
99% confidence
Finding
exec(open(_std, encoding='utf-8').read(), _h)

Direct flow: open (file read) → exec (code execution)

High
Category
Data Flow
Content
# ─── Holdings data (sole data source: scripts/_holdings_std.py) ───────────────
_std = os.path.join(_WORKSPACE, 'scripts', '_holdings_std.py')
_h = {}
exec(open(_std, encoding='utf-8').read(), _h)
HOLDINGS = _h.get('HOLDINGS', [])

# ─── External modules ─────────────────────────────────────────────────────────
Confidence
99% confidence
Finding
exec(open(_std, encoding='utf-8').read(), _h)

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The skill loads executable content from an external workspace file even though the stated purpose is holdings analysis, not dynamic code loading. In this context, the behavior is more dangerous because the file likely contains sensitive portfolio inputs and the workspace path is broad, making code substitution or tampering a realistic abuse path.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly states it reads a holdings list and calls the Tencent API for real-time market data, but the documentation does not warn users that portfolio-related data may be transmitted to a third party. Even if only ticker symbols are sent, holdings information can reveal sensitive financial interests and create privacy, compliance, or data-governance issues when transferred without clear disclosure and consent.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill writes detailed holdings analysis, including positions, prices, profit percentages, and signals, to a local JSON file without any disclosure, access control, or minimization. If the host is shared, backed up, synced, or later accessed by other tools, this can leak sensitive financial information and trading inferences.

VirusTotal

63/63 vendors flagged this skill as clean.
