ClawHub

A股模拟账户交易

Security checks across malware telemetry and agentic risk

Overview

This skill is a local A-share paper-trading simulator with expected local storage, localhost service controls, public market-data lookups, and optional disclosed macOS autostart.

Install this if you are comfortable running a localhost paper-trading service that stores simulated account/order history locally and contacts public finance-data providers for stock quotes/history. Keep the service bound to 127.0.0.1 unless you intentionally want network exposure, and only use the launchd option if you want it to restart automatically after login.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill explicitly instructs the agent to run local Python services, invoke shell commands, access user-scoped filesystem paths, and communicate over HTTP, but it does not declare any permissions or capability boundaries. This creates a transparency and governance gap: a caller or platform may not realize the skill can spawn processes, bind ports, read/write persistent data, and make network requests, increasing the risk of unintended execution or abuse.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The module docstring states the adapter has 'fully local dependencies', but the implementation makes repeated outbound HTTP requests to Sina, Tencent, and AkShare-backed remote sources. This mismatch can mislead users, reviewers, or higher-level agents into assuming no network egress or third-party data exposure exists, which is a real security and privacy issue in an agent skill.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The code performs multiple outbound requests to third-party services without any explicit disclosure, logging, or consent mechanism, including quote/history retrieval and fallback providers. In an agent context, this can leak user interest, trading symbols, timing, and environment metadata to external parties, making the issue more significant than in a standalone script.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal