ClawHub

A股社媒资讯

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it claims, but it embeds and prefers a shared API key and pushes finance-related follow-up subscriptions, so users should review it before installing.

Install only if you are comfortable sending stock-market query terms to RedFox and saving scraped public social-media metadata under ~/Downloads/StockFeed. Prefer using an explicit CLI API key if you trust the provider, avoid relying on the embedded shared key, and treat the output as sentiment research rather than investment advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The template instructs the agent to promote daily push notifications and external subscription skills that are not necessary to fulfill the stated purpose of researching A-share social sentiment. This creates a scope-expansion risk: users asking for analysis may be steered into persistent engagement or off-skill actions without clear consent boundaries, which is especially sensitive in a finance context where repeated nudging can influence behavior.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger list includes broad finance-related terms such as A股、大盘分析、选股、股票讨论、股市热点, making accidental invocation more likely in ordinary conversation. Because this skill performs external searches and local file output, an unintended trigger can cause unnecessary network activity, collection of third-party content, and unanticipated writes to disk.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill instructs the agent to collect and output authors, engagement metrics, and links from multiple platforms, and to save reports locally, but it does not clearly warn the user about privacy implications or default disk persistence. This is risky because scraped personal or quasi-personal metadata may be retained in local files or shared HTML reports without informed user consent.

Ssd 3

Medium
Confidence
98% confidence
Finding
The script embeds and automatically prefers a hardcoded public API key, causing all users to send authenticated requests with a shared credential by default. Shared embedded credentials are dangerous because they can be abused, revoked, rate-limited, or monitored centrally, and they prevent users from reliably using their own environment-provided secret despite the apparent support for it.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal