Security audit

Quantitative Stock Selection System - an A-share stock-picking tool based on AKShare + a multi-factor model

Security checks across malware telemetry and agentic risk

Overview

This stock-picking skill is not malware, but it overstates its automated financial recommendation features and has scoring flaws that could mislead users.

Review before installing. Do not rely on the advertised win rates or factor completeness without independent testing, and do not configure email credentials or cron jobs until the missing tools, config, data modules, and email sender are present and reviewed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The skill advertises a much more capable and automated stock-selection system than is actually implemented, including news analysis, daily top-3 recommendations, performance tracking, and email delivery. In a financial context, this mismatch can mislead users into relying on nonexistent controls, analytics, or reporting, causing poor investment decisions and unsafe trust in the tool's outputs.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The code advertises a six-dimension score including a 90% concentration factor, but the implementation does not actually propagate concentration data into chip_factors. In calculate_combined_score it reads chip_factors.get('details', {}).get('concentration_90', 100), yet calculate_chip_factors returns a flattened dict without a details field, causing the concentration component to silently default and making the scoring logic materially misleading.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The function labeled as capital-factor calculation returns hard-coded favorable placeholder values instead of real market data. In a stock-selection skill, this creates systematically misleading outputs and can bias recommendations while concealing that the data source is unavailable, which is dangerous because users may make financial decisions based on fabricated factor inputs.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The trigger phrases are broad enough to match ordinary stock-related conversation, which can cause the skill to activate unexpectedly. In this context, unintended activation may surface speculative financial recommendations when the user did not explicitly request this tool, increasing the risk of confusion or over-reliance.

Unpinned Dependencies

Low
Category
Supply Chain
Content
akshare>=1.18.0
pandas>=1.5.0
numpy>=1.23.0
Confidence
95% confidence
Finding
akshare>=1.18.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
akshare>=1.18.0
pandas>=1.5.0
numpy>=1.23.0
Confidence
97% confidence
Finding
pandas>=1.5.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
akshare>=1.18.0
pandas>=1.5.0
numpy>=1.23.0
Confidence
97% confidence
Finding
numpy>=1.23.0

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.