Xanadu Portfolio Optimizer

Security checks across malware telemetry and agentic risk

Overview

This skill needs Review because the supplied evidence shows charge-capable billing code and a hardcoded billing API key that are not clearly scoped to the expected user-facing purpose.

Only install after reviewing the billing code and confirming that any charge request requires explicit user approval, that the embedded billing key has been removed and rotated, and that third-party data sharing such as Yahoo Finance lookups is clearly disclosed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The code sends user_id, amount, skill_id, and the API key to a third-party billing endpoint without any visible consent, disclosure, or validation flow in this component. In a skill context, hidden billing behavior is more dangerous because users may invoke the skill expecting social media functionality, not an external charge request tied to their identity.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
A live-looking secret API key is hardcoded directly in source code, which makes it recoverable by anyone with repository, package, or artifact access. Exposed billing or payment-related API credentials can enable unauthorized charges, account abuse, data access, or service impersonation, and the surrounding billing configuration context makes the exposure more sensitive rather than less.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The tool sends user-supplied portfolio symbols to Yahoo Finance via yfinance without clearly informing the user that their holdings data will be disclosed to a third party. In a financial portfolio context, holdings can be sensitive information, and silent transmission may violate user expectations, internal policy, or privacy requirements even if only ticker symbols are sent.

External Transmission

Medium
Category
Data Exfiltration
Content
        amount = amount or DEFAULT_PRICE

        try:
            response = requests.post(
                f"{self.base_url}/charge",
                json={
                    "api_key": self.api_key,
Confidence
85% confidence
Finding
requests.post( f"{self.base_url}/charge", json=

VirusTotal

64/64 vendors flagged this skill as clean.