A-share Market Analysis Report / china A stocks daily review

Security checks across malware telemetry and agentic risk

Overview

This stock-report skill is mostly aligned with its purpose, but it enables default scheduled outbound report delivery and can generate financial commentary that is not fully sourced from live data.

Install only if you want recurring A-share market reports that may be saved locally and sent to linked messaging accounts. Before using it, disable or review the scheduled auto-push tasks, protect or avoid the plaintext Tushare token file, and verify generated financial claims against live sources because parts of the report are hardcoded or synthesized rather than strictly fetched.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

Medium, 93% confidence
Finding
The skill is presented as a report-generation tool but also defines automated scheduling, file persistence, and outbound delivery to external messaging endpoints. These side effects expand the data-handling footprint and may cause sensitive or misleading content to be stored or transmitted automatically without clear user awareness at execution time.

Context-Inappropriate Capability

Medium, 95% confidence
Finding
Automatic pushing to bound messaging endpoints is not necessary for the core analytical function and creates an unnecessary exfiltration and spam vector. If the generated content includes sensitive prompts, local data, or erroneous market commentary, it could be distributed externally at scale without a confirmation step.

Intent-Code Divergence

Medium, 89% confidence
Finding
The skill first states that missing or uncertain data should be left blank and never fabricated, but later authorizes selecting a middle value when sources conflict. That contradiction can normalize invented or unauditable financial data in generated reports, which is especially risky in a market-analysis context where users may act on reported figures.

Description-Behavior Mismatch

High, 98% confidence
Finding
This renderer does not merely format fetched data; it manufactures substantive market narratives, causal claims, sentiment labels, and strategy conclusions from hardcoded text and thin heuristics. In a financial-analysis skill, this is dangerous because users may rely on output that appears data-driven and timely but is actually partially fabricated, leading to misleading investment decisions and compliance risk.

Description-Behavior Mismatch

High, 99% confidence
Finding
The code emits tactical trading guidance such as sector focus, entry-style cues, avoidance instructions, and next-day signal watching, which goes beyond the manifest's stated out-of-scope boundaries like stock picking and strategy advice. In this skill context, that mismatch makes the issue more dangerous because the skill may be trusted for neutral market review while covertly acting as an investment-advice generator.

Intent-Code Divergence

Medium, 92% confidence
Finding
The metadata and skill description promise that missing data is left blank and not fabricated, but the implementation inserts hardcoded fallback figures, narratives, and stock lists. This integrity gap is security-relevant because it undermines trust boundaries: downstream users or systems may treat the report as factual market data when portions are synthetic and undisclosed.

Missing User Warnings

Medium, 89% confidence
Finding
Enabling automatic push delivery by default to linked messaging channels creates an outbound data-sharing action without clear opt-in or prominent warning. Even if the content is market commentary, automatic delivery can leak user activity patterns, linked-account metadata, or generated content to external channels the user did not realize were active.

Natural-Language Policy Violations

Medium, 84% confidence
Finding
Default automatic pushing to external messaging channels without clear opt-in is the substantive risk here; the language/format tailoring is secondary. Combined with auto-delivery, this can cause unreviewed content to be sent externally in a form optimized for distribution, increasing the likelihood of privacy leakage or unwanted automated messaging.

VirusTotal

67/67 vendors flagged this skill as clean.