Mx Stock Simulator

Security checks across malware telemetry and agentic risk

Overview

This appears to be a genuine simulated stock-trading skill, but it needs review because it can change a simulated financial account and sends an API key to a configurable endpoint without strong safety controls.

Install only if you intend to use a simulated trading account. Keep MX_APIKEY secret, leave MX_API_URL on the official provider endpoint unless you fully trust another endpoint, and manually confirm every buy, sell, sell-all, cancel, or cancel-all action before letting an agent execute it. Periodically clear saved output files if they contain account or portfolio details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Tainted flow: 'full_url' from os.environ.get (line 19, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
}
    
    try:
        response = requests.post(full_url, headers=headers, json=body)
        response.raise_for_status()
        result = response.json()
Confidence
95% confidence
Finding
response = requests.post(full_url, headers=headers, json=body)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill describes destructive trading operations such as buy, sell, and cancel without requiring explicit user confirmation or a safety interlock. Even though this is framed as simulated trading, it still enables state-changing financial actions and can cause unintended orders, portfolio changes, or mass cancellations from ambiguous user input.

Vague Triggers

Medium
Confidence
75% confidence
Finding
Overly broad trigger phrases can cause the skill to activate on ordinary conversation and invoke sensitive account queries or trading workflows unintentionally. In a financial skill, accidental activation is more dangerous because it can expose account data or initiate transaction-like actions based on ambiguous language.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script sends account-related requests and an API credential to a remote service without any explicit disclosure, confirmation, or transparency to the invoking user beyond a success message after the fact. In a skill context handling financial account data, silent outbound transmission increases privacy and trust risk, especially when combined with configurable endpoints.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The script persists retrieved financial account data to a fixed directory on disk without user notice, consent, retention limits, or access-control checks. In shared or multi-tenant agent environments, this can expose sensitive portfolio and balance information to other processes or users and create unnecessary long-term data retention.

VirusTotal

63/63 vendors flagged this skill as clean.
