Hk Ipo Research Assistant

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a disclosed Hong Kong IPO research tool, with the main caution being optional local storage of a user financial profile.

Install only if you are comfortable with a local IPO research tool making public financial-data network requests. Avoid the profile feature unless you want capital, risk preference, margin preference, and broker saved in scripts/config/user-profile.yaml; delete that file when you no longer want the skill to retain those details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding
The skill documentation clearly indicates capabilities to access the network, read files, and write files, yet no permissions are declared in the manifest. That creates a transparency and policy-enforcement gap: users and the platform cannot accurately assess or constrain what the skill will do, especially since it also writes a persistent user profile file.

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
The documented profile workflow goes beyond transient IPO data retrieval and instructs collection and persistence of user financial information such as capital, risk preference, margin usage, and broker. That is sensitive preference data, and collecting it without clearly scoping, justifying, or minimizing retention increases privacy risk and expands the skill's data-handling footprint unnecessarily.

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The `profile` command reads a local `user-profile.yaml` and, when absent, emits instructions telling the AI to ask the user for personal financial details and write a config file. That goes beyond the stated market-data research scope and creates a data-collection/persistence capability for sensitive user information, which can enable unauthorized profiling or broader agent behavior than users expect.

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
This code implements personalized recommendation-oriented processing by combining a stored user risk/capital profile with current IPO data, despite the skill being described as a research/data retrieval assistant. That mismatch increases the chance of over-privileged use, unexpected handling of sensitive financial preferences, and agent actions that materially affect user decisions without proper disclosure.

Missing User Warnings

Medium
Confidence: 91%
Finding
The profile feature explicitly tells the operator to ask for and store financial preference data in a local YAML file, but it provides no privacy notice, retention policy, consent flow, or warning that the data will persist. Because the data includes capital amount, risk tolerance, margin behavior, and broker, this creates avoidable privacy and handling risks if the host environment is shared, logged, or later compromised.

VirusTotal

64/64 vendors flagged this skill as clean.
