drillr — Power Terminal for Deep Financial Research

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Drillr financial research skill, but it asks users to paste live API keys into chat and enables persistent account-backed watchlist changes.

Install only if you are comfortable giving the agent a dedicated Drillr API key and letting it access or change Drillr watchlists. Prefer configuring the key through a local secret store or environment managed outside chat; avoid pasting the raw key into conversations or shell history, use a revocable least-privilege key if available, and require confirmation before deleting or bulk-changing watchlists.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium, 90% confidence
Finding
The README explicitly says the skill will help an agent onboard a user and collect an API key, but it provides no warning about treating that key as sensitive, limiting where it should be pasted, or avoiding accidental storage in logs, transcripts, or third-party runtimes. In an agent-skill context, this omission is more dangerous because users may trust the workflow and disclose credentials into environments with unclear handling or retention.

Vague Triggers

Medium, 91% confidence
Finding
The skill description is broad enough that an agent may invoke this skill for many common finance-related prompts without first establishing whether external access, persistent account mutation, or paid/user-scoped credentials are appropriate. That increases the chance of unnecessary data sharing and accidental use of state-changing features when a local answer or a narrower tool would suffice.

Missing User Warnings

Medium, 94% confidence
Finding
The skill advertises persistent per-user watchlists but does not give an upfront warning that these operations create, modify, and delete data on the user's external Drillr account. In an agent setting, that omission can lead to surprising side effects and unintended account changes if the tool is invoked automatically.

Missing User Warnings

Medium, 98% confidence
Finding
The template explicitly instructs users to paste a live Drillr API key into the conversation, but does not warn that chat transcripts may be logged, retained, exposed to operators, or later accessed by other tools. Telling users they can delete the message afterward does not eliminate the exposure because the credential may already have been stored in conversation history, telemetry, or agent memory.

Ssd 3

High, 99% confidence
Finding
This is a true secret-handling flaw: the onboarding text normalizes sending the full credential over an IM/web chat/phone-mediated conversation channel. In the context of a financial research skill with persistent per-user access, compromise of the API key could let an attacker use the victim's Drillr account capabilities, access watchlists or research activity, and incur unauthorized usage until the key is revoked.

Ssd 3

High, 99% confidence
Finding
The retry and revocation messages repeatedly request fresh API keys to be pasted back into the conversation, increasing the number of opportunities for credential leakage and conditioning users to share secrets through chat. Repeated collection after failures is especially risky because users may expose multiple valid or recently valid credentials across logs and support transcripts.

VirusTotal

61/61 vendors flagged this skill as clean.
