Claw Portfolio

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local portfolio tracker with the expected npm setup, local data storage, market-data lookups, and an optional localhost web UI.

Install only if you are comfortable with an npm-based local portfolio tool that stores holdings in data/portfolio.json and sends ticker or crypto symbols to Yahoo Finance and CoinGecko for market data. Keep backups before using sell/remove/delete operations, and run the optional web UI only on a trusted local machine.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill advertises no required environment permissions, yet the documented functionality depends on external market-data access and the package also includes web/server behavior. This creates a transparency and consent problem: users and orchestrators may treat the skill as local-only when it actually makes network requests, increasing the risk of unintended data exposure or policy bypass.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The skill is presented primarily as a CLI portfolio tracker, but the documented installation and scripts reveal broader server/web-app capabilities and the finding indicates exposed HTTP endpoints for portfolio CRUD, exports, and price/dividend retrieval. This mismatch is dangerous because users may invoke or install it under a narrower trust model than the code actually requires, expanding attack surface through unintended local services and data-handling paths.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill documents commands that add, sell, switch, create, remove, and export portfolio data, but it does not clearly warn users that these operations persistently modify or delete local data in `data/portfolio.json`. In an agent-driven context, insufficient disclosure around destructive or state-changing actions can lead to accidental data loss or unauthorized modifications to a user's financial records.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The skill emphasizes real-time price and dividend features but does not clearly state that these operations contact external APIs such as Yahoo Finance and CoinGecko. While expected for market-data functionality, the missing privacy/network warning can mislead users about outbound requests, metadata leakage, and dependence on third-party services.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
On JSON parse or schema validation failure, the code creates a backup and then immediately overwrites the active portfolio file with a fresh default state. This can cause effective data loss from corruption, partial writes, or unexpected format changes, and a user may continue operating on the reset portfolio before realizing their original data was discarded from the primary path.

VirusTotal

59/59 vendors flagged this skill as clean.
