Stock Screening Tool

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed stock and trend-data API client; its main cautions are normal API-key use and an irreversible preset-delete tool.

Install only if you trust the configured STOCK_API_BASE_URL and can provide a scoped STOCK_API_KEY. Treat create/update/delete/sort operations as backend mutations, and confirm the exact preset ID before allowing hot_factor_delete because the artifact says deletion is irreversible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 87%
Finding
The README states that mentioning broad trigger phrases like '股票筛选', '热门因子', '股票分析', or '抖音热点' will cause the agent to automatically invoke tools, but it does not define boundaries, confirmation requirements, or disambiguation rules. In an agent setting, overly broad auto-invocation cues can cause unintended tool execution from casual conversation, quoted text, or prompt-injection content, increasing the risk of unwanted external API calls and data exposure.

Vague Triggers

Medium
Confidence: 85%
Finding
The trigger description is broad and overlaps with common finance-related conversation, increasing the chance the skill auto-activates in contexts where the user did not intend external API calls or tool execution. Because the skill can access networked data and use secrets, over-broad invocation expands the attack surface and can cause unintended data access or actions.

Missing User Warnings

Medium
Confidence: 97%
Finding
The documentation includes an irreversible delete operation for factor presets but does not require an explicit confirmation step or warn that the action should only proceed after user consent. In an agent setting, this raises the risk of accidental destructive actions from ambiguous prompts, misfires, or prompt-injection-driven tool use.

VirusTotal

66/66 vendors flagged this skill as clean.
