Robinhood for Agents

Security checks across malware telemetry and agentic risk

Overview

This skill openly connects to Robinhood for portfolio access and live trading, with high financial risk but no hidden or unrelated behavior found.

Install only on a trusted machine and only if you trust the external `robinhood-for-agents` package. Treat all portfolio, account, and order output as private financial data. Personally review every command and require an explicit yes/no confirmation for trades and cancellations, including symbol, side, quantity, price, order type, and account.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The example code retrieves full holdings, account details, and crypto positions, then prints them as formatted JSON, which can expose highly sensitive financial information such as account identifiers, balances, positions, and buying power. In an agent setting, this is riskier because outputs may be logged, forwarded to other tools, shown to end users, or stored in conversation history without explicit privacy warnings or data-minimization guidance.

Missing User Warnings

Severity: High
Confidence: 96%
Finding
This reference documents real stock, options, and crypto order placement and cancellation capabilities without any warning that these actions can execute live trades or modify real brokerage orders. In an agent setting, that omission materially increases the risk that a user or upstream agent invokes irreversible financial actions without explicit confirmation, sandboxing expectations, or understanding of monetary consequences.

Missing User Warnings

Severity: High
Confidence: 94%
Finding
The login tool explicitly states that it captures OAuth tokens automatically, but provides no privacy or security warning about handling highly sensitive credentials and session material. In an agent ecosystem, undocumented token capture can lead to overbroad trust, insecure logging or storage, and unintended account takeover risk if tokens are exposed or reused.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The example explicitly restores an authenticated Robinhood session and immediately performs account-backed API access without any warning that the code uses a live logged-in brokerage context. In an agent skill for trading, normalizing silent session reuse can cause users or downstream agents to run sensitive financial actions under real credentials without clear disclosure, increasing the risk of unintended access, privacy exposure, or later unsafe extension into trading flows.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The file requires explicit user confirmation before placing orders, but the cancellation example omits an equivalent confirmation or warning step for destructive account actions. In a trading context, canceling an open order can materially affect execution, risk exposure, and trading outcomes, so showing a direct cancellation call without a confirmation requirement can lead an agent to perform unintended financial actions.

VirusTotal

64/64 vendors flagged this skill as clean.
