Stock Watcher Pro

Security checks across malware telemetry and agentic risk

Overview

Stock Watcher Pro is a coherent portfolio-monitoring skill, but users should review it because it stores sensitive financial data and its local-only privacy claims conflict with dashboard materials that describe syncing that data to Supabase.

Install only if you are comfortable with a workspace tool retaining portfolio positions, cost basis, price targets, watchlists, filing summaries, and investment thesis notes. Treat the local-only security claims as overstated, do not enable the dashboard/Supabase path unless you intentionally want remote sync with proper auth/RLS, and review or fix the shell scripts before granting exec or scheduling access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The README makes an absolute security claim that there is 'No data exfiltration. No phoning home' while simultaneously advertising required internet-enabled tools such as web_search, web_fetch, and exec. Even if the skill is intended only to fetch public market data, this contradictory assurance can mislead users into granting trust and tool access under false assumptions, increasing the risk that portfolio data, prompts, or derived intelligence could be transmitted externally.

Intent-Code Divergence

High
Confidence: 97%
Finding
The skill explicitly claims to be 'read-only intelligence' while also instructing the agent to write portfolio, watchlist, source, filing, thesis, and briefing data and to run scheduling scripts. That mismatch can mislead users and platform policy layers about the skill’s actual capabilities, increasing the risk of unauthorized file changes, persistence, and automation being enabled under false assumptions.

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The script comments claim path resolution stays within the skill boundary, but the code sets WORKSPACE_DIR by traversing three directories upward, allowing the skill to read and act on files outside its own package. In an agent-skill context, this weakens isolation and can expose or modify parent-workspace data such as config, portfolio, watchlist, and source files that were not intended to be in scope for this skill.

Vague Triggers

High
Confidence: 94%
Finding
The invocation criteria are extremely broad, including 'anything related to stock monitoring and portfolio intelligence,' which can cause the skill to activate during casual financial conversations. Over-broad triggering increases the chance of unintended data collection, file writes, memory storage, web access, and alerts without clear user intent.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill processes and stores highly sensitive financial data including holdings, cost basis, thesis notes, watchlists, and cross-session memory, but the description does not clearly warn users about this persistence. Lack of upfront disclosure undermines informed consent and can expose private financial information to retention in workspace files and memory systems the user did not expect.

Vague Triggers

Medium
Confidence: 82%
Finding
The example explicitly states the briefing arrives automatically at 6:00 AM with no user prompt, but it does not define clear opt-in, scope, scheduling controls, or recipient constraints. In an agent system, broad unsolicited delivery can cause unwanted actions, privacy issues, spam-like behavior, or dissemination of stale/inaccurate financial content without an explicit user request.

VirusTotal

64/64 vendors flagged this skill as clean.
