ClawHub

A Share Overnight Trading

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed A-share overnight-trading guide with helper scripts; it carries financial-risk caveats but shows no hidden access, credential use, trading automation, or destructive behavior.

Install only if you understand this is educational trading material, not personalized financial advice. Treat the mock backtests and case studies as examples, not proof of profitability, and use real market data plus independent review before making any trade.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The script is positioned within a skill meant to support daily overnight stock selection, but the implementation only generates random synthetic market data and performs an offline mock backtest. In a financial-trading context, this mismatch is dangerous because users may mistake simulated outputs for actionable analysis, leading to poor investment decisions based on fabricated evidence.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The file header and reporting language describe the output as a backtest and strategy evaluation, even though the data is randomly generated rather than derived from real market history. In this trading skill context, that framing materially increases the risk of deceptive or over-trusted results, since users may infer historical validation where none exists.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The file presents itself as a backtest and prints analytical conclusions, but it only generates random synthetic data and then derives seemingly authoritative trading commentary from that fabricated output. In a trading skill, this is dangerous because users or downstream agents may treat the results as evidence-based strategy validation, leading to misinformed financial decisions despite there being no real historical testing.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The document provides concrete trading workflows, selection criteria, execution timing, and profit examples that could encourage real financial activity, while lacking a clear up-front risk disclosure and non-guarantee statement. In the context of a skill explicitly intended to help choose stocks for overnight trading, this omission increases the chance that users treat the material as dependable financial advice and underestimate losses from volatility, liquidity, or black-swan events.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal