Security audit

Stock Invest Master

Security checks across malware telemetry and agentic risk

Overview

The skill is a stock-analysis tool, but it can automatically start an unauthenticated report web server that listens on all network interfaces and serves saved investment reports from the user's home directory.

Review before installing. This skill may save private investment research in ~/.stock-invest-master and start a background HTTP server on port 8888. Install only if you are comfortable with that behavior, and prefer running the report server manually, binding it to 127.0.0.1, restricting served file types, and stopping it after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 96%
Finding:
The skill advertises only investment analysis but the content indicates capabilities equivalent to file read/write, network access, shell use, and environment access without any explicit permission declaration or user disclosure. This creates a hidden trust boundary issue: a user invoking a seemingly benign analysis skill may unknowingly authorize sensitive local actions and outbound connections.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 98%
Finding:
There is a clear description-behavior mismatch: beyond stock analysis, the skill reportedly starts and manages a local web server, exposes HTTP endpoints, handles PID files, and fetches data from external services. Hidden service exposure and process management materially increase attack surface because users would not reasonably expect a research skill to open ports or host browsable local content.

Description-Behavior Mismatch

Severity: Medium
Confidence: 77%
Finding:
The README advertises a report web service (`serve_reports.py` and related server management) that is broader than a simple local investment-analysis skill and implies network-accessible exposure of generated reports. If enabled without authentication, binding restrictions, or privacy controls, sensitive financial analysis and user-generated content could be exposed to other local users or the network.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding:
This server intentionally exposes a browsable HTTP interface for files under ~/.stock-invest-master, including source/config/log-like extensions such as .py, .js, .sh, .sql, .conf, .cfg, and .ini. Even though access is scoped to REPORTS_DIR, this materially expands the skill from stock analysis into a local file publishing service, which can leak sensitive reports, generated code, logs, credentials accidentally written into that directory, or internal metadata to anyone who can reach the listening port.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The skill specifies saving reports to a fixed path in the user's home directory without warning, consent, retention policy, or mention of potentially sensitive investment queries being stored. Silent persistence can leak private financial interests, create forensic traces, and overwrite or expose files in shared environments.

Missing User Warnings

Severity: High
Confidence: 97%
Finding:
The workflow explicitly includes starting a web service without any warning about network exposure or system impact. Even if intended for local report viewing, background service startup, port listening, and health endpoints can expose data or be reachable by other local or network users if not tightly constrained.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The program starts an HTTP server on 0.0.0.0 and advertises a reachable URL without any authentication, access warning, or disclosure that local files and directory metadata will be exposed over the network. In the context of an investment-analysis skill, reports may contain sensitive financial research, holdings, notes, or generated artifacts, so silent network exposure increases the chance of unintended data disclosure.

VirusTotal

62/62 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.