ClawHub

Mx Selfselect

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it advertises, but it can persistently change a remote financial watchlist from natural-language input without a confirmation step.

Review before installing if you use this with a real Eastmoney/Miaoxiang account. Use MX_APIKEY, keep the key server-side, and run add/delete commands only when you explicitly intend to modify the remote watchlist. Be aware that query results are saved locally as CSV and raw JSON.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Low
Confidence
88% confidence
Finding
The document inconsistently refers to both MX_APIKEY and EASTMONEY_APIKEY for the same credential. This can cause operators to misconfigure secrets, place credentials in unintended locations, or misunderstand which components can access them, increasing the chance of credential handling mistakes. While not an exploit by itself, contradictory secret-handling guidance is a genuine security weakness.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The add/delete commands change the user's remote watchlist, but the usage section does not clearly warn that these are persistent account modifications. Users may invoke natural-language commands expecting a dry-run or lookup, leading to unintended changes to account data. In an account-integrated financial skill, unclear disclosure around write actions increases the risk of unauthorized or mistaken state changes.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The natural-language fallback can trigger state-changing add/delete operations without any explicit confirmation step. In an agent setting, ambiguous or prompt-injected user text could cause unintended portfolio modifications, especially because anything not recognized as a query is treated as a management command.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal