ClawHub

AKQuant A-Share Backtesting

Security checks across malware telemetry and agentic risk

Overview

The backtesting code mostly matches its purpose, but the package includes unrelated personal-looking portfolio data and under-disclosed local data behavior that users should review before installing.

Review or remove config/holdings.yaml before use, and confirm that you want a backtesting workflow rather than general financial analysis. Expect the skill to install unpinned Python packages, fetch market data from AKShare, and optionally use a local CSV cache; do not treat its outputs as investment advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The skill advertises AKQuant/AKShare-based A-share backtesting with RSI and custom strategy support, but the finding indicates undocumented behaviors such as reading local CSV files and unsupported/unfinished features. This is dangerous because users and orchestrators may invoke the skill under false assumptions, causing unintended access to local workspace data and misleading outputs that appear authoritative for financial analysis.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger phrases are broad enough to match generic requests like stock analysis or performance questions, which can cause the wrong skill to activate without clear user intent. In a financial context, inappropriate activation can mis-scope the task, leading to irrelevant tool use, unintended command suggestions, or overconfident backtesting guidance where the user only wanted conceptual analysis.

VirusTotal

56/56 vendors flagged this skill as clean.

View on VirusTotal