股票盯盯 ("Stock Watch") Intelligent Monitoring System

Security checks across malware telemetry and agentic risk

Overview

This is a coherent stock-monitoring skill, but it can store watchlist and alert data locally and should be configured carefully before use.

Before installing, replace or remove the default Feishu target, review any cron/background tasks you add, and assume configured stock symbols, costs, alerts, and behavior-analysis history may be stored under the skill directory. Treat alerts as informational only, not financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (12)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill advertises itself as a stock alerting system, but the documentation references capabilities including shell execution, file read/write, environment access, and network activity without any declared permissions boundary. That mismatch is dangerous because it can enable broad host interaction and external data exfiltration while bypassing user expectations and platform trust controls.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented purpose understates the actual behavior: it appears to perform behavioral analysis, persistent SQLite storage, end-of-day summary generation, monitoring beyond stocks, and external news fetching. This is risky because hidden or under-disclosed functionality increases the chance of unexpected data collection, persistence, and network activity beyond what a user consented to when installing a simple stock watcher.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The script writes detailed cached monitoring data, including stock selections, alert results, and timestamps, to a predictable local file path without any access controls, retention policy, or user disclosure. On shared systems or agent hosts, this can expose sensitive investment preferences and monitoring history to other local users, processes, or later tasks.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
This file creates and persists a long-term 'trader behavior' profile database that goes beyond simple stock alerting into behavioral profiling and hidden state accumulation. In an agent skill, undisclosed persistent profiling expands data collection scope, can surprise users, and creates privacy/compliance risk if users did not explicitly consent to this retention and purpose.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The integration monkey-patches the monitor class to inject new 'trader_habit' alerts that are not part of the declared rule set, causing behavior drift between manifest and runtime behavior. Hidden alert injection is dangerous because users and downstream systems may trust the documented scope while the skill silently adds opaque signals that affect decisions or prioritization.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The method claims to detect whether current market data matches learned habits, but for volume and price it appends 'matches' based only on historical most-common patterns and ignores current_data entirely. This can generate systematically misleading alerts, creating false confidence and potentially influencing trading decisions with fabricated or unsupported signals.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README instructs users to configure a personal Feishu user ID for push alerts but does not clearly disclose that stock monitoring data, alert contents, and possibly trading-related metadata will be sent to an external messaging platform. This creates a real privacy and data-handling risk because users may unknowingly transmit sensitive financial information off-system without understanding retention, visibility, or third-party exposure.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
A sensitive notification destination identifier is sourced from the environment and otherwise defaults to a fixed Feishu user ID, with no visible disclosure or confirmation to the user. In an agent environment, this creates a risk of silent message delivery to an unintended or attacker-controlled recipient if environment variables or defaults are misconfigured.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script sends stock symbols and market metadata to multiple third-party services (Eastmoney, Sina) without any in-skill disclosure or consent flow. While expected for a stock-monitoring tool, this still exposes the user's watchlist and query patterns to external providers, which may be sensitive in some trading or enterprise contexts.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill writes cached monitoring data to disk without notifying the user, making local persistence invisible and harder to manage. This can leak portfolio interest, alert history, and timestamps through leftover files, especially on shared hosts, CI runners, or multi-tenant agent environments.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation instructs users to configure a Feishu user ID for message delivery but does not clearly disclose that stock monitoring results and trading-related signals will be transmitted to an external third-party service. This can lead to unintended data disclosure, especially in environments where watchlists, position cost, or trading behavior are considered sensitive financial information.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation directs users to configure Feishu push notifications using a personal user ID and to send stock alerts externally, but it does not clearly disclose that monitored portfolio data, price movements, and alert contents will be transmitted to a third-party messaging platform. This creates a privacy and data-sharing risk because users may expose sensitive investment information without informed consent or minimization controls.

VirusTotal

65/65 vendors flagged this skill as clean.
