ClawHub

etf-finance

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local ETF portfolio tracker, with some install and data-deletion caveats users should understand before using it.

Install only if you are comfortable storing holdings, purchase prices, quantities, and alerts in local JSON files and querying ticker symbols through Yahoo/yfinance or Tencent Finance. Back up ~/.clawdbot/etf_investor before uninstalling if you want to keep your records, and prefer using an isolated Python environment instead of relying on the installer's --break-system-packages fallback.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill documentation advertises capabilities that imply filesystem access, shell execution, and network use, but it does not declare permissions or clearly bound those powers. In an agent environment, undeclared powerful capabilities reduce transparency and can lead users or policy systems to approve a skill without understanding that it can modify local files, execute scripts, and reach external data sources.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The documentation describes deletion and uninstall operations without warning that locally stored portfolio and alert data may be removed or become unrecoverable. This creates a realistic risk of accidental data loss, especially because the skill stores user financial tracking data in local JSON files and users may assume uninstall only removes code.

Missing User Warnings

Low
Confidence
83% confidence
Finding
The installer automatically invokes pip to modify the user's Python environment without explicit warning or confirmation. This is risky because it performs network-based package installation during setup, and the fallback to '--break-system-packages' increases the chance of destabilizing the local Python environment or introducing supply-chain risk if package sources are compromised.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal