Xanadu Stock Screener

Security checks across malware telemetry and agentic risk

Overview

The stock screener mostly matches its stated purpose, but it bundles under-scoped billing code with a hardcoded SkillPay key and unclear charge authorization.

Review before installing. The stock-screening script itself is straightforward, but avoid using the SkillPay billing files unless the publisher removes the embedded API key, aligns the product/pricing text with the stock screener, and adds explicit user approval before any charge. Use simple watchlist names without slashes or path components.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
84% confidence
Finding
This code sends billing-related identifiers and the API key to an external payment service without any visible consent, disclosure, or minimization controls in the skill code. Even though the endpoint uses HTTPS, the function can trigger charges and transmit user-linked payment metadata, which is sensitive behavior in an agent skill context and increases risk of undisclosed billing or privacy violations.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
A live-looking secret API key is hardcoded directly in source code, which makes it accessible to anyone who can read the repository, package, logs, or deployment artifact. Exposed billing or payment-related credentials can be abused to impersonate the service, access protected APIs, incur charges, or modify billing behavior, and secrets committed to code often persist in version history even after removal.

External Transmission

Medium
Category
Data Exfiltration
Content
amount = amount or DEFAULT_PRICE
        
        try:
            response = requests.post(
                f"{self.base_url}/charge",
                json={
                    "api_key": self.api_key,
Confidence
82% confidence
Finding
requests.post( f"{self.base_url}/charge", json=

VirusTotal

64/64 vendors flagged this skill as clean.
