Trading Quant

Security checks across malware telemetry and agentic risk

Overview

This is a coherent financial market-data analysis skill that fetches public market/news data and stores local caches, with dependency and accuracy caveats but no evidence of hidden exfiltration or destructive behavior.

Install only if you are comfortable with the skill making outbound calls to public financial-data/news providers and writing local market-data caches. Treat the generated scores and sentiment as analysis aids, not investment advice, and consider pinning dependencies plus moving /tmp caches into a private app cache directory before production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
82% confidence
Finding
The skill advertises executable tooling with network, file read/write, and environment access but does not declare permissions. This creates a trust and review gap: users and hosting platforms cannot accurately assess what the skill may access or modify before execution, increasing the risk of unintended data exposure or local file changes.

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The declared purpose frames the skill as a market-data analysis tool, but the documented behavior includes broader functions such as news aggregation, sentiment analysis, health checks, K-line warming/caching, local snapshot persistence, and report generation. This mismatch is dangerous because it can hide materially broader data collection, network activity, and filesystem effects than a user would reasonably expect from the description.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The batch profile invokes actions not clearly disclosed in the skill manifest, including news sentiment, margin data, the Dragon-Tiger list (龙虎榜), top turnover, and especially a data-saving operation. This creates a capability mismatch where users or orchestrators may grant trust based on an incomplete description, increasing the risk of undisclosed data access, persistence, or side effects.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The file advertises FinBERT-based sentiment analysis in its module docstring and comments, but `_get_finbert_analyzer()` is hardcoded to return `None`, so all sentiment scoring silently falls back to a simplistic keyword matcher. In a trading-analysis skill, this creates a deceptive integrity issue: downstream agents or users may trust outputs as model-based financial sentiment when they are actually generated by a far less reliable heuristic, leading to poor or manipulated decision-making.

Missing User Warnings

Low
Confidence
78% confidence
Finding
The module writes cached classifications to a fixed path under /tmp without secure file handling. In multi-user or shared environments, predictable temporary-file paths can be tampered with via symlinks or read by other local users, causing cache poisoning or unintended disclosure of watchlist-derived metadata; in a trading context, even seemingly low-sensitivity metadata may reveal analyst focus or strategy interests.

Known Vulnerable Dependency: aiohttp — 10 advisory(ies): CVE-2024-52303 (aiohttp has a memory leak when middleware is enabled when requesting a resource ); CVE-2026-34514 (AIOHTTP has CRLF injection through multipart part content type header constructi); CVE-2026-34517 (AIOHTTP has late size enforcement for non-file multipart fields causes memory Do) +7 more

High
Category
Supply Chain
Confidence
75% confidence
Finding
aiohttp

Known Vulnerable Dependency: pyyaml — 8 advisory(ies): CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more

Critical
Category
Supply Chain
Confidence
88% confidence
Finding
pyyaml

VirusTotal

66/66 vendors flagged this skill as clean.
