tqsdk-test

Security checks across malware telemetry and agentic risk

Overview

This is a read-only TQSDK market-data skill with expected credential use, but users should handle the TQ account password carefully.

Install only if you are comfortable giving this skill access to your Tianqin/TQSDK account for market-data queries. Configure TQ_USERNAME and TQ_PASSWORD through ClawHub secrets or environment settings rather than pasting the password into chat or ordinary parameters, avoid credential reuse, and prefer pinned dependency versions for controlled installs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The README instructs users to provide a username and password for the skill, but it does not clearly disclose that those credentials will be transmitted to an external third-party market data service. This creates a meaningful risk of users supplying sensitive trading credentials without informed consent, and increases the chance of unsafe handling, reuse of personal credentials, or accidental exposure in logs, configs, or chat history.

Missing User Warnings

Severity: Medium
Confidence: 80%
Finding:
The skill silently depends on trading account credentials without any user-facing disclosure in this code path. While not directly exploitable like secret exfiltration, it creates a transparency and consent issue: operators may not realize a supposedly read-only market-data skill requires privileged brokerage-related credentials.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding:
The code makes authenticated outbound connections to an external service via TqApi/TqAuth without any in-file user-facing notice. This matters because invoking the skill causes network transmission of credentials and query activity to a third party, which can surprise users and expands data exposure beyond the local environment.

Missing User Warnings

Severity: Low
Confidence: 76%
Finding:
Historical data queries send user-supplied symbol and time-range parameters to the external market-data provider, but the code does not disclose this behavior to users. This is mainly a privacy/transparency issue rather than a direct code-execution flaw, though it still exposes user query intent to the third party.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
  tqsdk>=3.0.0
  pandas>=1.3.0
Confidence: 95%
Finding: tqsdk>=3.0.0

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
  tqsdk>=3.0.0
  pandas>=1.3.0
Confidence: 97%
Finding: pandas>=1.3.0

VirusTotal

66/66 vendors flagged this skill as clean.