ClawHub

Equity Analyst

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Korean stock-analysis skill, but its optional scripts should be reviewed before running because they scrape Naver Finance, invoke local commands, and save report files.

Install only if you are comfortable with optional Python scripts that scrape Naver Finance, control an OpenClaw browser profile, execute local analysis commands, and save report files. Review the scripts first, use a clean browser profile, adjust hardcoded Windows paths, and do not enable any scheduled or LINE delivery workflow without configuring and reviewing it yourself.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def run_cmd(cmd, timeout=30):
    """Run shell command and return output."""
    result = subprocess.run(
        cmd,
        shell=True,
        capture_output=True,
Confidence
98% confidence
Finding
result = subprocess.run( cmd, shell=True, capture_output=True, text=True, timeout=timeout )

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises no declared permissions, yet the content indicates capabilities for file access, networking, and shell execution via included scripts and browser-driven scraping. This creates a meaningful trust and containment gap: users and the platform cannot accurately assess what the skill may do, including local file writes and external network activity, which expands the attack surface beyond the stated purpose.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The skill's documented purpose is narrow stock analysis, but the detected behavior extends to batch report generation, scraping popular stocks, fixed-watchlist morning reports, and local persistence of outputs. This mismatch is dangerous because hidden or undocumented behaviors can be abused for unanticipated data collection, unattended automation, and file-system side effects, undermining informed consent and making risky actions appear routine.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script unconditionally prints the full structured analysis JSON to stderr, which can expose potentially sensitive input-derived data even when the caller expects output only on stdout or in the requested file. In agent or pipeline environments, stderr is often captured in logs, telemetry, or parent processes, so this becomes an unintended data disclosure channel.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
This equity-analysis skill launches an external browser automation tool through shell commands, giving it broader system interaction than the declared purpose suggests. In context, that increases risk because web-derived content is being processed by privileged local tooling, and the command construction is unsafe due to shell=True.

Context-Inappropriate Capability

Medium
Confidence
80% confidence
Finding
The script executes a separate local Python program, which enlarges the trusted computing base and creates an additional code-execution path beyond simple stock analysis. If analyze.py is modified, replaced, or reached through an unexpected path in the deployment environment, the skill will execute arbitrary local code.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal