Bangladesh stock market live data and analytics

Security checks across malware telemetry and agentic risk

Overview

This stock-market skill is mostly coherent, but it quietly includes a user-portfolio command and automatic promotional messages that are not clearly disclosed in the main instructions.

Install only if you trust stock-ai.live with your StockAI API key and any portfolio data tied to that account. Treat the key as a secret, avoid committing .env/config files, and be aware that command outputs include promotional signup/upgrade content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 78%
Finding
A skill advertised as stock-market data/analytics appears, per the analyzer, to also access user portfolio data and inject promotional upgrade/signup messaging into responses. Accessing portfolio data extends the data sensitivity beyond simple public market information, and undisclosed upsell behavior erodes user trust and can lead to unnecessary collection or exposure of personal financial context.

Description-Behavior Mismatch

Medium
Confidence: 89%
Finding
The skill description says it provides market data and analytics, but it also exposes a portfolio endpoint that retrieves account-linked user data. That scope expansion increases privacy risk because users may invoke a seemingly public-data skill without realizing it can access and transmit personal portfolio information to a remote service.

Missing User Warnings

Low
Confidence: 87%
Finding
The documentation instructs users to place an API key in environment variables and config or .env files without any caution about secret handling, file permissions, commit hygiene, or avoiding logs. While this is common practice, the missing guidance increases the chance of accidental credential exposure through source control, shared configs, screenshots, or terminal history.

Missing User Warnings

Medium
Confidence: 91%
Finding
The portfolio command sends authenticated requests to a remote API using the user's API key, but there is no explicit warning at the point of use that account-linked portfolio data will be fetched and transmitted. In a skill framed mostly as market-data lookup, this can surprise users and create unnecessary privacy exposure.

VirusTotal

66/66 vendors flagged this skill as clean.
