Stock Daily Analysis

Security checks across malware telemetry and agentic risk

Overview

The stock-analysis feature is mostly coherent, but bundled helper scripts can download, update, and run mutable external code that is not part of the reviewed skill package.

Review the helper scripts before installing. Prefer using the bundled analyzer modules directly, or pin and inspect the external daily_stock_analysis repository before running setup.sh, run.sh, or update.sh. Use a revocable AI API key, keep config files private, and avoid sending sensitive portfolio or watchlist data to an AI provider you do not trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Tainted flow: 'proxies' from os.environ.get (line 84, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
if proxy_url:
    proxies = {'https': proxy_url, 'http': proxy_url}

response = requests.post(url, headers=headers, params=params, json=data, timeout=30, proxies=proxies)
response.raise_for_status()

result = response.json()
Confidence
95% confidence
Finding
response = requests.post(url, headers=headers, params=params, json=data, timeout=30, proxies=proxies)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises functionality that clearly requires network, file, environment, and shell access, but it does not declare those permissions. Undeclared capabilities undermine least-privilege controls and make it harder for operators to evaluate what the skill can access or exfiltrate, especially given its use of external APIs and local scripts.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented behavior omits or understates several security-relevant actions, including cloning/updating external code from GitHub, invoking third-party AI APIs with analysis data, and using broader data collection than the description suggests. This mismatch can mislead users into granting trust or running the skill under assumptions that do not reflect its real attack surface, increasing supply-chain and data-exposure risk.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The constructor accepts a configuration-controlled skill_path and later executes skill_path/scripts/quote_cn_pro.py. If an attacker can influence configuration or deployment layout, they can redirect execution to arbitrary local code, turning this analytics bridge into an arbitrary code execution primitive within the agent environment.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The README instructs users to configure external AI providers and API keys, but it does not clearly warn that stock symbols, analysis context, prompts, and possibly portfolio-related data may be transmitted to third-party services. In a finance-related skill, this can create privacy, confidentiality, and compliance risks because users may not realize their usage data leaves the local environment.

External Transmission

Medium
Category
Data Exfiltration
Content
"ai": {
    "provider": "openai",
    "api_key": "sk-your-deepseek-key",
    "base_url": "https://api.deepseek.com/v1",
    "model": "deepseek-chat"
  }
}
Confidence
88% confidence
Finding
https://api.deepseek.com/

VirusTotal

66/66 vendors flagged this skill as clean.
