a-stock-data-quant

Security checks across malware telemetry and agentic risk

Overview

This stock-analysis skill is mostly purpose-aligned, but it embeds an API key and sends finance queries to third-party services without clear privacy scoping or opt-in.

Install only if you are comfortable with finance symbols, search terms, and AI prompts being sent to external providers such as Eastmoney, Tencent, Baidu, Hexin, and news APIs. Remove and rotate the bundled Eastmoney API key before use, prefer your own secret via environment variable, and avoid entering proprietary trading strategies or sensitive portfolio details into the AI commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (11)

Context-Inappropriate Capability

Medium
88% confidence
Finding
The skill introduces external AI API-key configuration and use of a third-party AI service without corresponding permission transparency in the manifest. Credential handling plus outbound transmission of prompts creates a real confidentiality and misuse risk, especially if users enter sensitive portfolio, research, or proprietary trading information that is then sent to the external provider.

Context-Inappropriate Capability

Medium
99% confidence
Finding
The configuration hardcodes a live Eastmoney AI API key directly in the skill file. Embedded credentials are dangerous because anyone with access to the repository, package, logs, or deployed artifact can extract and abuse the key for unauthorized API usage, billing consumption, quota exhaustion, or access to associated service data.

Context-Inappropriate Capability

Medium
93% confidence
Finding
The report imports executable JavaScript from a third-party CDN, which means anyone opening this local HTML file will run remote code in their browser. If the CDN asset is compromised, replaced, blocked and redirected, or unexpectedly changed, the report can execute attacker-controlled script, make network requests, and tamper with displayed analysis beyond the skill's stated offline/reporting purpose.

Missing User Warnings

Medium
94% confidence
Finding
The document explicitly describes use of a network proxy for Git operations and an external AI diagnosis API key, but provides no warning that commands may transmit repository metadata, stock queries, or user activity to third-party services. In a skill intended for financial analysis, this increases privacy and data-governance risk because users may unknowingly send sensitive prompts, symbols, or operational details off-host.

Missing User Warnings

Medium
93% confidence
Finding
The README documents use of Eastmoney AI, news aggregation, and multiple third-party market data providers, but it does not clearly disclose that user prompts, stock queries, and related request metadata will be transmitted to external services. In a finance-oriented tool, this can expose sensitive research interests, trading intent, or API credentials to third parties without informed user consent, increasing privacy and compliance risk.

Vague Triggers

Medium
84% confidence
Finding
The trigger list contains broad generic terms like news, AI diagnosis, realtime quotes, and technical-analysis words that can appear in ordinary conversation. Overbroad triggers increase the chance of accidental invocation, which is dangerous here because the skill can make external requests and potentially send user queries to third parties without the user intending to activate the skill.

Vague Triggers

Medium
86% confidence
Finding
The decision tree maps vague user intents to commands without clear boundaries or disambiguation, so ordinary requests like '看看新闻' ("take a look at the news") or '帮我诊断一下' ("help me run a diagnosis") may route into networked finance or AI endpoints. In this skill context, ambiguous routing is more dangerous because some commands contact external services and may process user text beyond what the user expected.

Missing User Warnings

Medium
91% confidence
Finding
The skill clearly states it uses multiple external data providers and AI interfaces, but it does not prominently warn that user queries and requested symbols/topics may be transmitted to third parties. This creates a privacy and data-governance issue: users may unknowingly disclose sensitive watchlists, strategies, or research interests to external services.

Missing User Warnings

Medium
70% confidence
Finding
The `cache clear` path deletes cached files immediately with no confirmation, dry-run, or visible enumeration of what will be removed. In an agent or automation context, a mistaken invocation can cause unintended data loss or operational disruption, especially if cache location or deletion scope is broader than the user expects.

Vague Triggers

Low
93% confidence
Finding
This configuration exposes an external service credential without clearly constraining when it is used, what operations it authorizes, or whether users have consented to outbound requests. In a skill that performs AI-driven finance features, such ambiguity increases the risk of silent third-party data transmission, unexpected external dependencies, and misuse of the credential beyond the operator's intent.

Missing User Warnings

Medium
95% confidence
Finding
This code sends user-supplied financial queries and the EM API credential to a third-party remote service, but the file contains no in-code user warning, consent flow, or disclosure boundary. In a skill context, that means potentially sensitive prompts, symbols, strategies, or proprietary analysis requests are transmitted off-box without making that privacy/security property explicit.

VirusTotal

65/65 vendors flagged this plugin as clean.
