FinClaw

Security checks across malware telemetry and agentic risk

Overview

FinClaw is a coherent finance helper that stores local portfolio data and uses known market-data APIs, with no evidence of hidden execution, exfiltration, or destructive behavior outside its stated purpose.

Install only if you are comfortable with a Python environment pulling current package versions, local storage of portfolio records and notes, and market queries being sent to third-party finance APIs. Use limited-scope API keys, avoid putting sensitive notes in symbols/watchlists, and be careful with remove/delete commands because some local records are deleted rather than archived.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (13)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    print("Installing dependencies...")
    subprocess.check_call([VENV_PIP, "install", "--upgrade", "pip"],
                          stdout=subprocess.DEVNULL)
    subprocess.check_call([VENV_PIP, "install", "-r", REQ_FILE])
    print("Dependencies installed.")
Confidence
82% confidence
Finding
subprocess.check_call([VENV_PIP, "install", "-r", REQ_FILE])

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The portfolio, alerts, and watchlist commands perform persistent state changes such as add, sell, remove, create, delete, and snooze, but the markdown does not warn that these operations modify stored user data. In an agent setting, this increases the chance of unintended destructive actions or silent data loss if the model invokes commands without clear user confirmation.

Missing User Warnings

Low
Confidence
80% confidence
Finding
The skill documents optional API keys and several third-party market, news, macro, and sentiment providers, but it does not disclose that user-requested symbols, watchlist contents, or query parameters may be transmitted to external services. While the transmitted data is usually low sensitivity in a finance context, the omission can still mislead users about privacy and data handling.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The remove_position function permanently deletes both the position record and all associated transactions immediately after receiving a symbol, with no confirmation, dry-run, soft-delete, or authorization guard. In an agentic finance assistant context, a mistaken invocation, ambiguous user prompt, or unsafe tool chaining could irreversibly erase portfolio history and impair auditability, portfolio tracking, and tax/cost-basis reconstruction.

Missing User Warnings

Low
Confidence
91% confidence
Finding
This code sends user-supplied symbols or topics to Alpha Vantage over the network without any explicit user-facing notice or consent mechanism. While the destination is a legitimate finance API and the data is not highly sensitive by itself, queries can still reveal user interests, trading intent, or portfolio focus, creating a privacy leak.

Unpinned Dependencies

Low
Category
Supply Chain
Content
yfinance
pandas
matplotlib
mplfinance
Confidence
98% confidence
Finding
yfinance

Unpinned Dependencies

Low
Category
Supply Chain
Content
yfinance
pandas
matplotlib
mplfinance
finnhub-python
Confidence
99% confidence
Finding
pandas

Unpinned Dependencies

Low
Category
Supply Chain
Content
yfinance
pandas
matplotlib
mplfinance
finnhub-python
requests
Confidence
98% confidence
Finding
matplotlib

Unpinned Dependencies

Low
Category
Supply Chain
Content
yfinance
pandas
matplotlib
mplfinance
finnhub-python
requests
fredapi
Confidence
98% confidence
Finding
mplfinance

Unpinned Dependencies

Low
Category
Supply Chain
Content
pandas
matplotlib
mplfinance
finnhub-python
requests
fredapi
Confidence
98% confidence
Finding
finnhub-python

Unpinned Dependencies

Low
Category
Supply Chain
Content
matplotlib
mplfinance
finnhub-python
requests
fredapi
Confidence
99% confidence
Finding
requests

Unpinned Dependencies

Low
Category
Supply Chain
Content
mplfinance
finnhub-python
requests
fredapi
Confidence
97% confidence
Finding
fredapi

Known Vulnerable Dependency: requests — 10 advisories: CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
92% confidence
Finding
requests

VirusTotal

66/66 vendors flagged this skill as clean.
