ClawHub
Back to skill

Security audit

Eastmoney Stock.Bak2

Security checks across malware telemetry and agentic risk

Overview

This stock-data skill includes under-disclosed stock-picking and portfolio-allocation advice that users could mistake for current market data.

Review before installing. Use it only as a public market-data helper, verify quotes and rankings with a trusted source, and do not rely on its stock picks, stop-losses, or portfolio allocations as investment advice. I found no evidence of credential theft, persistence, destructive actions, or exfiltration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
81% confidence
Finding
The skill appears to require network access to fetch live stock data, but no permissions are declared. Hidden or undeclared network capability weakens transparency and reviewability, and can enable unexpected outbound requests or data exfiltration if the implementation changes or is abused.

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The documented purpose says the skill queries Eastmoney stock data, but the analysis indicates materially different behavior: using a different provider, expanding into sector analysis, and even generating market commentary, recommendations, and portfolio advice. This mismatch is dangerous because users and reviewers may trust the skill for narrow quote lookup while it actually performs broader, higher-risk financial-advice behavior that is not disclosed.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
This code does more than fetch and display stock data: it classifies price movement and emits explicit trading guidance such as whether to chase gains, hold, watch, or avoid bottom-fishing. In a skill described as a data-query tool, this creates unsafe financial advice behavior that can mislead users into acting on simplistic logic without suitability checks, risk profiling, or compliance controls.

Description-Behavior Mismatch

Low
Confidence
87% confidence
Finding
The implementation calls a Sina Finance quote endpoint even though the skill is labeled as an Eastmoney stock skill. This mismatch can mislead operators and users about data provenance, trust assumptions, terms of use, and expected behavior, which is a security and integrity concern even if it is not direct code execution or exfiltration.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The module docstring claims the script uses the Sina Finance API, but the implementation never performs any network call and instead prints hard-coded market sectors and stock picks. In a finance skill, this is dangerous because users may rely on stale or fabricated information under the false belief that it is live market data from a reputable source.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The skill metadata says it queries Eastmoney stock data, but this file does not query Eastmoney or any live source and instead emits hard-coded sector recommendations and specific stock suggestions. In the context of an investing-related skill, this mismatch materially increases risk because users may interpret subjective, stale, or incorrect recommendations as authoritative real-time market output.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The skill advertises Eastmoney stock querying functionality, but this file only outputs hard-coded sectors, prices, and analysis text while importing requests without using it. This is dangerous because users may rely on stale or fabricated market information as if it were live data, creating integrity and trust issues in a financial context.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The file does more than quote stock data: it generates explicit stock picks, position sizing, and stop-loss guidance for a 100 万 portfolio. In a stock-data skill, this is dangerous because it crosses into personalized-seeming investment advice without suitability checks, disclaimers are insufficient, and users may act on unsupported recommendations.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The comments state the sector list is based on Eastmoney and Tonghuashun public data, but the code never fetches or verifies any such source. This misrepresents provenance, which is especially risky in a financial skill because it can cause users to trust invented or outdated data as externally sourced market intelligence.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The invocation examples are broad enough to overlap with ordinary stock conversation, so the skill may trigger in contexts where the user did not intend to invoke a tool. In a finance context, over-broad activation is more dangerous because it can unexpectedly fetch external data or present analysis/advice, increasing the chance of misleading outputs or unintended reliance.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal