Yahoo Claw

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate finance-data skill, but it needs review because it includes an exposed Alpha Vantage API key in test code and gives direct buy/sell recommendations without clear financial-advice warnings.

Install only if you are comfortable with outbound requests to Yahoo Finance and potentially Alpha Vantage. Treat its technical signals and buy/sell wording as informational only, not financial advice. The publisher should remove and rotate the hardcoded Alpha Vantage key, clearly name all external providers in the manifest, and add prominent financial-risk disclaimers.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (9)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 91% confidence
Finding: The skill metadata frontmatter does not declare permissions, while the content indicates use of environment variables and outbound network access. Missing explicit permission declarations weakens security review and user consent, because the agent may invoke capabilities not formally surfaced in policy or installation checks.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 84% confidence
Finding: The documented purpose says this is a Yahoo Finance integration, but the finding indicates additional behaviors such as sentiment analysis, recommendation generation, Alpha Vantage fallback, and usage statistics/failover management. Undeclared functionality increases risk because it can expand data flows, introduce extra external dependencies, and cause the skill to be triggered or trusted in situations beyond what users and reviewers expect.

Description-Behavior Mismatch

Medium

Confidence: 90% confidence
Finding: The documentation claims the skill supports Alpha Vantage as a backup data source with automatic failover, which expands behavior beyond the stated Yahoo Finance-only scope. This can mislead users or host systems into supplying external API keys and relying on undeclared third-party integrations, creating a scope and trust-boundary mismatch.

Description-Behavior Mismatch

Low

Confidence: 81% confidence
Finding: The docs advertise technical-indicator and broader market-analysis capabilities tied to Alpha Vantage that are not declared in the manifest. While this is primarily a documentation/scope issue, it can cause consumers to assume the skill is authorized for broader data access and analysis than it has disclosed.

Description-Behavior Mismatch

Medium

Confidence: 92% confidence
Finding: The file materially contradicts the declared skill purpose by testing an Alpha Vantage integration inside a Yahoo Finance skill. This kind of capability mismatch can mislead users, reviewers, and downstream agents about what external service is actually being contacted, creating supply-chain, compliance, and data-flow risk if the skill is trusted for one provider but silently uses another.

Intent-Code Divergence

Medium

Confidence: 88% confidence
Finding: The header explicitly states the file is testing Alpha Vantage, reinforcing the discrepancy with the Yahoo Finance skill description. While a comment alone is not executable, in this context it is evidence of a real provider mismatch that can conceal undeclared third-party access and confuse security review or operational expectations.

Missing User Warnings

Medium

Confidence: 82% confidence
Finding: The README advertises news aggregation from multiple external sources and sentiment analysis, but it does not disclose that user queries or requested symbols may trigger outbound requests to third-party services. In an agent skill context, undocumented external transmission can create privacy, compliance, and trust issues because operators may not realize data leaves the local environment or is shared with additional providers.

Vague Triggers

Medium

Confidence: 79% confidence
Finding: The trigger text is broad ('use when users ask for stock prices, company financials, historical data, dividends, or market data'), which can cause over-activation. Overly broad activation boundaries may lead the agent to invoke this skill in ambiguous finance-related contexts, unnecessarily exposing network access, environment-backed API integrations, or external data sources.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The module produces direct investment advice such as 'strong buy' and 'strong sell' with confidence percentages, but provides no warning that the output is informational, may be inaccurate, and is not financial advice. In a finance skill context, this increases the risk that users rely on the tool for real trading decisions, creating user-harm and compliance risk even though it is not a code-execution or data-exfiltration flaw.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal