A Stock Analyzer.Bak

Security checks across malware telemetry and agentic risk

Overview

This A-share analysis skill appears purpose-related, but it needs review because it can send reports to webhooks and can generate trading recommendations from default or simulated financial data.

Install only if you are comfortable reviewing the code and configuration first. Disable or remove webhook settings unless you intentionally want reports sent to Feishu or DingTalk, and treat the stock picks as unverified analysis because some financial values may be defaulted or simulated when source data is unavailable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (15)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises executable behavior including reading/writing reports and making network requests, but it does not declare permissions or clearly scope those capabilities. That creates a transparency and governance gap: hosts or users cannot accurately assess what the skill can access, and network/reporting features could exfiltrate market data, local data, or generated analysis to external services without explicit approval.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented purpose understates materially different behaviors: external webhook pushes, scheduled/persistent data collection, use of simulated or randomized fallback financial data, and broader analysis logic than claimed. This is dangerous because users may trust the outputs as strict Minervini-plus-financial screening while the system can silently transmit data externally and even generate recommendations from synthetic data, leading to privacy, integrity, and decision-making risks.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The report claims a professional strategy based on Minervini trend-template and 7 strict financial conditions, but the output only shows generic technical signals and omits the promised fundamental screening evidence. This can mislead users into believing recommendations satisfy stricter due diligence than was actually performed, increasing the risk of inappropriate investment decisions based on overstated methodology.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill description frames the tool as a stock screener, but the report provides concrete execution advice including entry range, target price, stop-loss, and position sizing. In this context, that broadens the skill from analysis into actionable trading guidance, which materially increases financial and compliance risk, especially when users may rely on it as personalized investment advice.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The report presents specific buy ranges, target prices, stop-losses, and position sizing while simultaneously disclaiming that it is not investment advice. This contradiction can mislead users into treating the output as actionable financial guidance without appropriate compliance controls, suitability checks, or transparency about risk and methodology.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The report claims to apply seven strict screening criteria, but the examples shown do not substantiate those criteria and instead display mismatched technical indicators such as 30-day averages rather than the stated 50-day and 150-day conditions. In a stock-picking skill, this undermines the integrity of the recommendations and can cause users to rely on false or unverifiable selection logic.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The script is described as an analysis assistant, but it automatically forwards generated report content to an external pusher module without explicit user consent in this execution path. That creates an outbound data-sharing behavior that users may not expect, and the risk increases because reports may contain derived trading decisions, watchlists, or environment-specific information.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
This file implements outbound messaging to Feishu and DingTalk, which extends the skill beyond local stock analysis into external data transmission. Because the manifest describes a stock-analysis assistant but does not disclose external pushing behavior, users may not expect generated reports to be sent to third-party services, creating a transparency and data-handling risk.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The code sends generated report content to arbitrary externally configured webhooks, which can exfiltrate sensitive analysis outputs, watchlists, or proprietary signals outside the local environment. Because the destination is configuration-controlled and there is no validation, allowlisting, or consent flow, a compromised or malicious config can silently redirect data to attacker-controlled endpoints.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The script writes generated reports to disk automatically without an explicit user-facing warning or consent step. In a local analysis tool this can expose sensitive outputs, trading ideas, or market research to other local users, backups, sync tools, or later exfiltration paths, especially because the report path is predictable.

Missing User Warnings

High
Confidence
95% confidence
Finding
The code sends report content over the network through a report-pusher path without a clear prior disclosure or confirmation from the user. This is more dangerous in this skill context because the tool handles analysis outputs and recommendations that users may assume stay local; silent transmission creates privacy, confidentiality, and compliance risks.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The Feishu push path performs an HTTP POST containing report content to an external webhook without any explicit user-facing disclosure at the time of transmission. In a finance-oriented skill, reports may contain sensitive trading analysis, so undisclosed outbound sharing increases privacy, confidentiality, and compliance risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The DingTalk path also posts report content externally with no explicit disclosure or confirmation, which can expose investment analysis to third parties unexpectedly. In the context of a stock-analysis skill, undisclosed sharing of generated reports is more dangerous because users may reasonably assume outputs remain local or within the agent environment.

External Transmission

Medium
Category
Data Exfiltration
Content
}
            }
            
            response = requests.post(webhook, json=card, timeout=10)
            
            if response.status_code == 200:
                print("✅ 飞书推送成功")
Confidence
93% confidence
Finding
requests.post(webhook, json=

External Transmission

Medium
Category
Data Exfiltration
Content
}
            }
            
            response = requests.post(webhook, json=data, timeout=10)
            
            if response.status_code == 200:
                print("✅ 钉钉推送成功")
Confidence
93% confidence
Finding
requests.post(webhook, json=

VirusTotal

66/66 vendors flagged this skill as clean.
