IHSG Session Summary

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed IHSG market-summary skill that fetches public market/news data using Yahoo Finance, Infovesta, and Tavily, with no hidden destructive or exfiltration behavior found.

Install only if you are comfortable running a local Python script, installing its dependencies, and giving it a Tavily API key for web searches. Use a limited Tavily key if possible, monitor API usage if enabling scheduled runs, and verify important financial figures against trusted market sources before acting on them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 88%
Finding:
The skill clearly instructs the agent to access environment variables and perform outbound network requests, but it does not declare any permissions or capability boundaries. This creates a transparency and governance gap: an operator may install or run the skill without realizing it can access secrets and external services, increasing the chance of over-privileged execution and unintended data exposure.

Description-Behavior Mismatch

Severity: Medium
Confidence: 88%
Finding:
The arbitrary `--tavily-search` mode turns a narrowly scoped market-summary skill into a general web-search tool. In an agent setting, this expands capability beyond the stated purpose and can be abused for unintended data retrieval, policy bypass, or prompt-chaining workflows that rely on the skill to access arbitrary external content.

Context-Inappropriate Capability

Severity: Medium
Confidence: 86%
Finding:
The generic `search(query, ...)` helper accepts arbitrary query strings and returns raw external content, creating a reusable web-search primitive inside a supposedly specialized financial reporting skill. This increases risk because other code paths or future modifications can repurpose the skill for unbounded external retrieval, undermining least privilege and making downstream prompt/content injection more likely.

VirusTotal

65/65 vendors flagged this skill as clean.
