Finance Paper Daily

Security checks across malware telemetry and agentic risk

Overview

This skill appears to fetch public finance paper metadata and create a desktop Excel report, with disclosed but notable dependency-installation risk.

Install this only if you are comfortable with it contacting public academic services and creating or overwriting ~/Desktop/YYYY-MM-DD_finance_papers.xlsx. Prefer running it in a virtual environment and preinstalling pinned dependencies yourself instead of using --break-system-packages or allowing runtime pip installs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
except ImportError:
    print('正在安装 openpyxl...')
    import subprocess
    subprocess.check_call([sys.executable, '-m', 'pip', 'install', 'openpyxl', '-q'])
    import openpyxl
    from openpyxl.styles import Font, PatternFill, Alignment, Border, Side
    from openpyxl.utils import get_column_letter
Confidence
96% confidence
Finding
subprocess.check_call([sys.executable, '-m', 'pip', 'install', 'openpyxl', '-q'])

subprocess module call

Medium
Category
Dangerous Code Execution
Content
            from scholarly import scholarly as sc
        except ImportError:
            import subprocess
            subprocess.check_call([sys.executable,'-m','pip','install','scholarly','-q'])
            from scholarly import scholarly as sc
        keywords = ['quantitative finance 2024','asset pricing machine learning 2024']
        seen = set()
Confidence
96% confidence
Finding
subprocess.check_call([sys.executable,'-m','pip','install','scholarly','-q'])

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill clearly instructs users to install packages and run a Python script that uses both shell execution and external network access, yet no permissions are declared. This creates a transparency and consent problem: the agent can fetch remote content and modify the environment without an explicit permission model, increasing the risk of unintended system changes or abuse if the script is altered.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
Installing Python packages at runtime is outside the narrow necessity of fetching papers and generating an Excel report, so the skill gains host-modification capability beyond its stated purpose. In this context, that is a real security concern because it turns a read/report workflow into one that can alter system state and pull executable code from package repositories.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The Google Scholar branch introduces an unjustified environment-changing action by installing scholarly at runtime. Because this dependency is optional for one source, the risk is less defensible: the skill could still function without altering the host, making the added capability unnecessary and dangerous.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The skill states that it will save an Excel report directly to the user's Desktop and overwrite the same-day file, but it does not prominently warn users that local files will be created or replaced. While the described behavior is expected for the skill's purpose, silent modification of user files can still surprise users and cause minor data loss or trust issues.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script installs openpyxl via pip without prior warning or confirmation, so users are not informed that running the skill will change their environment. That violates least surprise and can bypass organizational controls on software installation, especially in managed or sensitive environments.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The auto-installation of scholarly occurs without clearly disclosing that the skill will download and install software. This is dangerous because an apparently simple paper-fetching action can unexpectedly modify the host and introduce third-party executable code.

VirusTotal

65/65 vendors flagged this skill as clean.
