A-Share T+0 Fund 5-Minute Buy/Sell Monitoring

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed fund monitoring tool that installs market-data dependencies, stores local watchlists and logs, and can send optional notifications. There is no evidence of hidden or malicious behavior.

Install only if you are comfortable with Python packages being downloaded from pip and with the skill storing fund codes, logs, and simulated trade history under the fund-monitor skill directory. Configure DingTalk or WeChat webhooks only if you trust those notification channels, and treat the generated buy/sell signals as informational rather than financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill advertises and instructs use of capabilities including shell execution, network access, and file read/write, but does not declare any permissions or capability boundaries in the manifest. This creates a transparency and least-privilege failure: an agent or reviewer cannot accurately assess what the skill may do, and users may invoke a skill that can modify local state, install packages, or contact external services without explicit approval semantics.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger phrases are broad natural-language commands such as adding items to a monitoring list or viewing signals, which could plausibly appear in ordinary conversation and cause unintended activation. In this skill, accidental triggering is more concerning because the documented behavior includes filesystem changes, persistent monitoring state, and potential outbound notifications.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The installer runs pip3 install against network sources without any explicit confirmation, version pinning, hash verification, or controlled index configuration. This exposes users to supply-chain risk such as dependency confusion, malicious package updates, or compromised mirrors, and the script's role as a one-click installer makes accidental trust more likely.

VirusTotal

59/59 vendors flagged this skill as clean.
