Avanza Investment Tracker

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local portfolio-tracking skill with optional network price lookups, not evidence of hidden trading or malicious data theft.

Install only if you are comfortable storing portfolio data in a local SQLite database and, when automatic price updates are enabled, sending held asset names to Avanza. Use `--update-prices never` for offline use, keep database backups before reset operations, and prefer pinning `requests` to a current safe version.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documentation describes file I/O, SQLite persistence, and price updates via `requests`, but it does not declare corresponding permissions. This creates a transparency and consent problem: users or orchestrators may run the skill without realizing it can read/write local files and make outbound network requests, increasing the chance of unintended data exposure or destructive actions such as database reset.

Tp4

High
Category
MCP Tool Poisoning
Confidence
87% confidence
Finding
The stated purpose focuses on CSV processing and return calculations, but the documented behavior also includes outbound HTTP price fetching, persistent database/state management, and administrative commands such as reset and settings management. This mismatch can mislead users and security tooling about the true operational scope of the skill, causing underestimation of privacy, integrity, and availability risks.

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The file includes functionality to fetch live asset prices from Avanza over the network, which goes beyond the stated skill purpose of processing CSV exports and calculating returns. Even if used for legitimate portfolio valuation, it causes external data transmission of held asset names and creates privacy, supply-chain, and availability risk that is not obvious from the manifest.

Context-Inappropriate Capability

Medium
Confidence
83% confidence
Finding
Network-based asset price lookup is present despite the skill being described as CSV import and return calculation. This means portfolio holdings are implicitly disclosed to a third party and results depend on an undocumented external endpoint, which increases privacy and integrity risk in a financial context.

Missing User Warnings

Low
Confidence
81% confidence
Finding
The quick-start examples encourage `stats --update-prices auto` but do not clearly warn that this triggers outbound network access to fetch market data. In a finance context, even limited external requests can reveal user interest in specific assets or cause users to violate expectations about offline/local-only processing.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The class exposes `reset_table()` and `reset_tables()` methods that perform unconditional DELETE operations across one or all tables with no confirmation, safety guard, authorization check, or transaction rollback path. In a portfolio-tracking skill handling financial records, accidental invocation, misuse by another component, or prompt-driven agent behavior could wipe transaction history and derived performance data, causing integrity loss and operational disruption.

External Transmission

Medium
Category
Data Exfiltration
Content
}

        for (asset,asset_id) in assets:
            r = requests.post(url, headers=headers, json={"query": asset, "limit": 5}, timeout=10)

            if r.status_code == 200:
                resp = r.json()
Confidence
89% confidence
Finding
requests.post(url, headers=headers, json=

VirusTotal

64/64 vendors flagged this skill as clean.
