ClawHub

eastmoney skills

Security checks across malware telemetry and agentic risk

Overview

This finance skill appears purpose-aligned, but it asks users to delete and replace local OpenClaw skills with remote ZIP downloads that are not included or integrity-verified in the reviewed artifact.

Review this carefully before installing. Inspect the remote ZIP contents first, verify they are from a provider you trust, and list or back up any ~/.openclaw/skills/mx-skills* directories before deleting them. Use a dedicated MX_APIKEY if possible and avoid pasting the key into logs or shared terminals.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The manifest presents a financial-data skill set, but the body of the file instructs the agent/user to perform local installation, filesystem writes, downloads, and environment setup. That expands behavior well beyond the declared business purpose and increases the chance an agent executes risky host-modifying actions under the guise of a finance skill.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The file includes a destructive deletion command that recursively removes directories from the local skill path before installation. Even if intended for cleanup, such commands are dangerous in agent-consumable skill files because path expansion, operator error, or automated execution can delete unrelated local data irreversibly.

Context-Inappropriate Capability

Low
Confidence
79% confidence
Finding
The skill instructs interactive collection and export of an API key into the shell environment, which is outside the stated financial-analysis function and encourages credential handling in an unstructured way. This can lead to accidental disclosure in logs, terminal history, screenshots, or unintended reuse across processes in the session.

Vague Triggers

Medium
Confidence
75% confidence
Finding
The skill description is broad and does not define narrow trigger conditions, exclusions, or limits on when installation/setup actions should occur. In agent settings, vague scope makes it easier for the skill to be invoked in inappropriate contexts and to perform risky side effects unrelated to the user's immediate request.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The deletion step lacks a clear irreversible-warning despite instructing removal of existing skill directories. Without an explicit warning and confirmation requirement, users or agents may execute it casually and destroy local content needed for recovery, comparison, or rollback.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal