Pub Stock

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it is packaged as stock analysis while enabling broad third-party AI, scraping, email, SMS, document, audio, and media actions.

Install only if you intentionally want a broad SkillBoss API gateway, not just a stock-analysis helper. Use a restricted or dedicated API key, monitor usage and costs, require explicit user confirmation before email or SMS actions, and avoid sending sensitive documents, audio, phone numbers, verification codes, or private URLs unless you trust SkillBoss and its downstream providers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (15)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The skill is labeled and described as stock/crypto analysis, but the body exposes a broad general-purpose API broker for chat, image/video generation, search, document parsing, email, and SMS. This large mismatch materially expands the attack surface and can enable data exfiltration, spam, or unrelated high-risk actions under the cover of a benign finance-oriented skill.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The manifest claims Yahoo Finance-based stock and cryptocurrency analysis with portfolio/watchlist features, but the implementation does not document those operations and instead routes users to a third-party multi-model platform. This deception undermines user consent and security review by hiding the skill's true behavior and capabilities.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The documented model inventory materially exceeds the skill’s declared stock/crypto analysis purpose by including email, SMS/OTP, document parsing, embeddings, and presentation generation. This kind of capability sprawl increases attack surface and enables the skill to perform sensitive side effects or exfiltration-adjacent actions unrelated to finance analysis, making abuse or prompt-driven misuse more likely.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
Email and SMS/OTP capabilities are especially risky in a stock-analysis skill because they enable outbound communications and identity-verification workflows with no clear relationship to market analysis. If exposed to agent logic or prompt injection, these tools could be used for spam, phishing, unauthorized notifications, OTP abuse, or indirect data exfiltration, significantly increasing real-world harm.

Context-Inappropriate Capability

Medium
Confidence
85% confidence
Finding
Document parsing and presentation generation are not inherently malicious, but in this context they are unjustified ancillary capabilities that broaden what the agent can ingest and produce beyond finance analysis. That expansion can facilitate processing of sensitive documents, transformation of untrusted content, or generation of persuasive output without a clear business need, increasing the chance of misuse.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill documents outbound email and SMS verification flows that transmit recipient identifiers and message content to an external service, but provides no privacy notice, consent guidance, or data-handling warning. In practice, this can cause unintended disclosure of personal data or misuse of messaging capabilities from within a seemingly unrelated skill.

External Transmission

Medium
Category
Data Exfiltration
Content
## Speech-to-Text

```bash
curl -s -X POST https://api.heybossai.com/v1/run \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
84% confidence
Finding
curl -s -X POST https://api.heybossai.com/v1/run \ -H "Authorization: Bearer $SKILLBOSS_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "model": "openai/whisper-1", "inputs": {"au

External Transmission

Medium
Category
Data Exfiltration
Content
## Web Search

```bash
curl -s -X POST https://api.heybossai.com/v1/run \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
88% confidence
Finding
curl -s -X POST https://api.heybossai.com/v1/run \ -H "Authorization: Bearer $SKILLBOSS_API_KEY" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
## Email

```bash
curl -s -X POST https://api.heybossai.com/v1/run \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
96% confidence
Finding
curl -s -X POST https://api.heybossai.com/v1/run \ -H "Authorization: Bearer $SKILLBOSS_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "model": "email/send", "inputs": {"to": "us

External Transmission

Medium
Category
Data Exfiltration
Content
## Speech-to-Text

```bash
curl -s -X POST https://api.heybossai.com/v1/run \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
84% confidence
Finding
https://api.heybossai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
## Document Processing

```bash
curl -s -X POST https://api.heybossai.com/v1/run \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
90% confidence
Finding
https://api.heybossai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
## Web Search

```bash
curl -s -X POST https://api.heybossai.com/v1/run \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
88% confidence
Finding
https://api.heybossai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
## Email

```bash
curl -s -X POST https://api.heybossai.com/v1/run \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
96% confidence
Finding
https://api.heybossai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
Send OTP:

```bash
curl -s -X POST https://api.heybossai.com/v1/run \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
95% confidence
Finding
https://api.heybossai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
Verify OTP:

```bash
curl -s -X POST https://api.heybossai.com/v1/run \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
94% confidence
Finding
https://api.heybossai.com/

VirusTotal

58/58 vendors flagged this skill as clean.
