Portfolio Sentinel

Security checks across malware telemetry and agentic risk

Overview

This portfolio-monitoring skill does useful-looking analysis, but its code sends sensitive portfolio reports to hard-coded external messaging endpoints that are not disclosed in the skill instructions.

Review before installing. Only run this skill if you are comfortable sending your portfolio holdings, watchlists, and generated investment analysis to the embedded Feishu webhook and potentially to the configured AI backend. Ask the publisher to replace hard-coded Feishu and Telegram destinations with user-owned configuration, document all external data flows, and provide a dependency/install manifest and a dry-run or local-only mode.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def send_telegram(message):
    safe_msg = shlex.quote(message)
    subprocess.run(f'openclaw message send --channel telegram --target {TELEGRAM_CHAT_ID} --message {safe_msg}', shell=True)

def daily_digest():
    intel = load_intelligence()
Confidence
95% confidence
Finding
subprocess.run(f'openclaw message send --channel telegram --target {TELEGRAM_CHAT_ID} --message {safe_msg}', shell=True)

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
This skill contains an outbound Telegram messaging capability that is not used by the main reporting path and is unrelated to the Feishu delivery workflow. Hidden or extra communication channels are risky because they can be repurposed to exfiltrate portfolio data or send unauthorized notifications without clear user awareness.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The prompt directs a shared AI module to search for breaking news and include source URLs, which implies external information retrieval beyond local portfolio processing. This broadens the trust boundary and can cause unreviewed outbound access or ingestion of external content into the report, increasing privacy and supply-chain risk.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script performs outbound network transmission to Feishu and silently updates a local history file without meaningful user notice, confirmation, or opt-in. In an agent-skill environment, this can cause unintended data disclosure and state changes, especially because AI-generated analysis and search-derived content are automatically sent to an external webhook.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill sends holdings, top watchers, waitlist contents, and market data to an external AI analysis component without disclosure or consent. Portfolio composition is sensitive financial information, and transmitting it to an external model or service can expose investment strategy, positions, and watch priorities to third parties.

Missing User Warnings

High
Confidence
99% confidence
Finding
The script posts the generated portfolio briefing to a hard-coded Feishu webhook, which is an external destination, without any user-facing warning. This creates direct exfiltration risk for sensitive financial analysis and can leak proprietary portfolio intelligence if the webhook is misconfigured, compromised, or reused outside the intended workspace.

VirusTotal

VirusTotal findings are pending for this skill version.
