A-share / Hong Kong stock / US stock data query

Security checks across malware telemetry and agentic risk

Overview

This market-data skill is mostly clear, but it contains a reachable local portfolio-management path that can run an unreviewed helper script and change local holdings records.

Install only if you are comfortable sending stock-query text to akshare.devtool.uk. Avoid using holdings or portfolio-management prompts with this skill until the maintainer removes that code path or separates it into a clearly documented, confirmed, reviewed capability.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The skill manifest presents this as a hosted Akshare market-data lookup client, but the code also performs local portfolio management and analysis. This scope expansion is dangerous because users and orchestrators may grant the skill broader trust than intended, enabling unexpected local state changes and privacy exposure.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The code spawns a local Python subprocess to manage portfolio state, which is a materially different capability from forwarding market-data queries to a hosted service. In agent environments, undeclared local execution and persistence are risky because they can bypass user expectations, policy constraints, and auditing assumptions.

Missing User Warnings

Medium
Confidence: 92%
Finding
User queries are transmitted to a remote service endpoint, potentially including sensitive investment interests or identifiers, without an explicit disclosure at the point of transmission. In a skill ecosystem, hidden outbound data flows are dangerous because users may assume local-only processing from the CLI behavior and provide sensitive text accordingly.

Missing User Warnings

Medium
Confidence: 93%
Finding
Portfolio add/remove operations can change local data immediately based on natural-language input, without explicit confirmation or warning. This is risky in agent settings because ambiguous or adversarial prompts could trigger unintended financial record changes, and users may not realize the skill writes local state.

VirusTotal

66/66 vendors flagged this skill as clean.
