ClawHub

Market Alert

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple instruction file, but it asks for sensitive financial account details and ongoing bill-based syncing beyond a stock-alert purpose.

Review before installing. Use it only for explicit, read-only market-alert or market-summary tasks unless the publisher documents account connections, credential handling, storage, monitoring controls, and consent boundaries. Do not provide brokerage, banking, tax, statement, bill, or transfer-related data to this skill as written.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The skill content advertises portfolio, account, statement export, tax details, and transaction-history capabilities that materially exceed the declared purpose of market alerts and research summaries. In an agent setting, this scope expansion can mislead routing or user trust boundaries, causing the system to solicit or process sensitive financial data and account actions outside the reviewed intent.

Intent-Code Divergence

Medium
Confidence
87% confidence
Finding
The body describes a generic asset-management and account workflow under '股市行情' rather than a narrow 'Market Alert' skill, creating a mismatch between manifest identity and actual behavior. This increases the chance of confused-deputy behavior, inappropriate invocation, or users disclosing sensitive financial information under a misleadingly limited name.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The example triggers are so broad that they resemble generic help prompts and can cause the skill to match unrelated user requests. Overbroad invocation language is dangerous because it can route users into a finance-oriented skill unexpectedly, where they may reveal sensitive holdings, account, or investment information not necessary for the original request.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal