dabai/finance-news-brief

Security checks across malware telemetry and agentic risk

Overview

This is a coherent finance-report generator, but it can automatically run local code, install a Python package, and launch unsandboxed Chrome for broad market-news requests.

Install only if you want broad finance-news prompts to create full Markdown and PDF reports. Prefer running it in an isolated virtual environment or container, review before allowing dependency installation, and ask explicitly for a short answer when you do not want web searches, file writes, or PDF generation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
debug_port = s.getsockname()[1]

    # 3. Launch Chrome with remote debugging enabled
    chrome_proc = subprocess.Popen(
        [
            chrome,
            "--headless=new",
Confidence
94% confidence
Finding
chrome_proc = subprocess.Popen( [ chrome, "--headless=new", "--disable-gpu", "--no-sandbox", "--disable-extensions",

subprocess module call

Medium
Category
Dangerous Code Execution
Content
__import__(import_name)
    except ImportError:
        print(f"正在安装依赖: {package} ...")
        subprocess.check_call([sys.executable, "-m", "pip", "install", package, "-q"])


def find_chrome():
Confidence
92% confidence
Finding
subprocess.check_call([sys.executable, "-m", "pip", "install", package, "-q"])

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The script's auto-install behavior adds external dependency retrieval and package-management capabilities beyond its stated purpose of Markdown-to-PDF conversion. In a skill context that may run unattended, this is more dangerous because it permits network-dependent code installation and execution during normal use.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Launching Chrome with remote debugging and --no-sandbox gives the script a stronger browser-control mechanism than needed for simple PDF rendering and weakens process isolation. Because the tool converts content that may originate from external news or user-supplied Markdown, this context makes unsafe browser execution more concerning, not less.

Vague Triggers

High
Confidence
90% confidence
Finding
The trigger conditions are extremely broad and mandate invocation for common finance-related queries, including vague requests like asking how the market is today. Over-broad forced triggering can cause unnecessary web access, file creation, and shell-based PDF generation in situations where the user did not request those actions, increasing the risk of unauthorized or surprising side effects.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The eval explicitly trains the skill to trigger on a very broad, everyday-language request like '今天市场有什么大事?' ("what big market news is there today?"), which can cause the agent to invoke this skill even when the user did not clearly ask for file generation, web collection, or a full report workflow. This increases the risk of over-broad delegation, unnecessary web access, and unintended file creation, especially because the skill metadata says such prompts must trigger the skill automatically.

Natural-Language Policy Violations

Medium
Confidence
79% confidence
Finding
The expected behavior requires Chinese output by default without checking the user's language preference or locale. While not a direct exploit primitive, this can override user intent, reduce usability, and create unsafe assumptions in multilingual environments where the user may not be able to verify the generated financial content.

Natural-Language Policy Violations

Medium
Confidence
76% confidence
Finding
This eval again mandates structured Chinese output without any language opt-in, reinforcing a hardcoded language behavior across the skill. In the context of a finance-reporting skill, that makes the agent less predictable and can cause users to receive reports in a language they did not request, undermining clarity and informed review.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal