ClawHub

A股智投大师

Security checks across malware telemetry and agentic risk

Overview

This A-share stock assistant is coherent, but it can alter remote watchlists and monitoring rules through broad prompts without clear confirmation or undo guidance.

Review the dependent skills before installing, configure the East Money API key only if you trust that service, and require explicit confirmation before adding or deleting self-selected stocks or creating monitoring alerts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The command examples are extremely broad natural-language phrases such as '分析 [股票]' and '最近有什么新闻', which can overlap with ordinary conversation and cause the skill to activate unexpectedly. In an agent environment, this can lead to unintended financial lookups or downstream actions when a user did not clearly intend to invoke the skill.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README describes actions that modify a user's watchlist and create monitoring rules, including examples like adding stocks to self-select lists and setting alerts, without explicit warnings or confirmation requirements. In a financial assistant context, unintended state changes can alter a user's portfolio tracking, generate noisy alerts, or cause trust and workflow issues if triggered accidentally or through prompt confusion.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The keyword list is very broad and includes generic finance and lifestyle terms such as '投资', '理财', and '副业', which can cause the skill to trigger in conversations that are not specifically asking for this capability. In a financial skill that can query watchlists, perform analysis, and set monitoring rules, unintended invocation increases the chance of unnecessary data access or actions on behalf of the user.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill supports viewing and managing self-selected stocks and setting monitoring alerts, but its description and usage guidance do not clearly warn that these operations may access or modify personal investment preference data. In the context of a finance assistant, this omission is more sensitive because watchlists and alert rules can reveal holdings, interests, strategy, and behavior patterns.

Missing User Warnings

High
Confidence
89% confidence
Finding
This method performs remote state-changing watchlist management based on a free-form query string, with no local confirmation, validation, or guardrails. In an agent setting, ambiguous or prompt-influenced input could trigger unintended add/delete actions on a user's portfolio data at the external service.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal