Xueqiu Combo Report

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Xueqiu holdings reporting workflow. Its two disclosed risk areas are data collection inside a logged-in browser session and local report generation with a Chrome/Chromium binary; users should understand both before installing.

Install only if you are comfortable running it in a logged-in Xueqiu session and saving holdings data locally. Treat exported files as sensitive financial data, use only accounts and data you are authorized to access, and do not render untrusted JSON to PDF unless the Chrome step runs in a trusted or isolated environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    chrome = shutil.which('google-chrome-stable') or shutil.which('google-chrome') or shutil.which('chromium') or shutil.which('chromium-browser')
    if not chrome:
        return False, 'No Chrome/Chromium binary found'
    subprocess.run([chrome, '--headless', '--disable-gpu', '--no-sandbox', f'--print-to-pdf={pdf_path}', html_path.resolve().as_uri()], check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    return True, None
Confidence
87% confidence
Finding
subprocess.run([chrome, '--headless', '--disable-gpu', '--no-sandbox', f'--print-to-pdf={pdf_path}', html_path.resolve().as_uri()], check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
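The flagged call is a fairly standard headless print-to-PDF, but two details make it worth tightening: `--no-sandbox` disables Chromium's renderer sandbox, which is the main defence when the HTML being rendered came from untrusted JSON, and the browser is launched with the operator's default profile, so the render process can see the same logged-in Xueqiu session and cookies the collection step uses. The following is an added example of a hardened replacement (not code from the skill or from SkillSpector). It assumes the HTML is a local, generated file the caller owns and that no browser profile reuse is needed; the function and constant names, and the sample HTML, are constructed for illustration.

```python
import os
import shutil
import subprocess
import tempfile
from pathlib import Path

# Hardened replacement for the flagged subprocess.run call (added example, not the skill's code).
# Assumptions (not from the page): the HTML to render is a local, generated file the
# caller owns, and a print-to-PDF job needs neither the operator's profile nor network access.

CHROME_NAMES = ('google-chrome-stable', 'google-chrome', 'chromium', 'chromium-browser')


def find_chrome():
    """Locate a Chrome/Chromium binary on PATH, the same lookup the original skill performs."""
    for name in CHROME_NAMES:
        path = shutil.which(name)
        if path:
            return path
    return None


def validate_html_path(html_path):
    """Accept only a regular, non-symlinked .html/.htm file.

    Returns (resolved_path, None) on success or (None, reason) on failure, so the
    browser is never handed a file:// URI that points outside what the report
    generator wrote (for example a symlink into ~/.ssh or a directory listing).
    """
    p = Path(html_path)
    if p.is_symlink():
        return None, 'refusing symlinked HTML input'
    if not p.is_file():
        return None, 'HTML input is not a regular file'
    if p.suffix.lower() not in ('.html', '.htm'):
        return None, 'HTML input must end in .html or .htm'
    return p.resolve(), None


def build_render_command(chrome, html_path, pdf_path, profile_dir):
    """Build the argv list. Differences from the flagged call:
    - no --no-sandbox: keep Chromium's renderer sandbox while rendering untrusted HTML
    - throwaway --user-data-dir: the job cannot see the operator's logged-in session or cookies
    - --disable-extensions / --no-first-run: fewer moving parts in the render process
    - argv list, no shell: paths are never interpreted by a shell
    """
    return [
        chrome,
        '--headless',
        '--disable-gpu',
        '--no-first-run',
        '--disable-extensions',
        f'--user-data-dir={profile_dir}',
        f'--print-to-pdf={Path(pdf_path).resolve()}',
        Path(html_path).resolve().as_uri(),
    ]


def render_pdf(html_path, pdf_path, chrome=None, timeout=60):
    """Render html_path to pdf_path. Returns (True, None) or (False, reason)."""
    chrome = chrome or find_chrome()
    if not chrome or not os.access(chrome, os.X_OK):
        return False, 'No Chrome/Chromium binary found'
    html, err = validate_html_path(html_path)
    if err:
        return False, err
    # Fresh profile per run, deleted afterwards, so nothing persists between reports.
    with tempfile.TemporaryDirectory(prefix='xq-render-') as profile_dir:
        cmd = build_render_command(chrome, html, pdf_path, profile_dir)
        try:
            subprocess.run(cmd, check=True, timeout=timeout,
                           stdout=subprocess.PIPE, stderr=subprocess.PIPE)
        except subprocess.TimeoutExpired:
            return False, f'Chrome did not finish within {timeout}s'
        except subprocess.CalledProcessError as exc:
            return False, f'Chrome exited with status {exc.returncode}'
    if not Path(pdf_path).is_file():
        return False, 'Chrome exited without writing the PDF'
    return True, None


# Constructed sample input so the module can be exercised offline (not data from the page).
SAMPLE_HTML = '<html><body><h1>Holdings report</h1><p>sample row</p></body></html>'


def make_sample_html():
    """Write the constructed sample into a fresh temp directory and return its path."""
    d = Path(tempfile.mkdtemp(prefix='xq-sample-'))
    p = d / 'report.html'
    p.write_text(SAMPLE_HTML, encoding='utf-8')
    return p


if __name__ == '__main__':
    sample = make_sample_html()
    print(render_pdf(sample, sample.with_suffix('.pdf')))
```

The timeout matters as much as the flags: a hostile HTML page can otherwise hold the headless browser open indefinitely, and `check=True` alone never returns. If the skill must also handle HTML that embeds remote resources, run the render inside a container or network namespace with no egress rather than relying on browser switches.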

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill instructs the agent to read files, write outputs, and execute shell commands, but it does not declare those permissions explicitly. This creates a trust and review gap: operators may approve or run the skill without understanding that it can modify the workspace and invoke local tooling. In a security-sensitive environment, undeclared shell and file access increases the chance of unintended data modification or misuse.

Tp4

High
Category
MCP Tool Poisoning
Confidence
76% confidence
Finding
The skill presents itself as an end-to-end workflow that includes browser-side collection, but the implementation only documents that collection step; the automated part relies on local scripts and a local Chrome/Chromium binary for PDF generation. The mismatch matters because users may authorize or run the skill with incorrect assumptions about what is automated and which local executables and logged-in sessions are involved, which expands the effective attack surface. Invoking a local browser binary to render untrusted or generated HTML also adds execution and data-exposure risk unless that step is clearly disclosed and constrained.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The template instructs the operator to run authenticated fetch requests inside an already logged-in Xueqiu browser session using `credentials: 'include'`, which reads account-scoped data and exports it to local results without any consent, scope, or data-handling warning. Even when intended for legitimate personal use, this pattern normalizes exporting private portfolio and account data out of a privileged browser context and increases the chance of accidental over-collection or misuse.

VirusTotal

0/67 vendors flagged this skill; all 67 reported it clean.