ClawHub

Stock Analysis 6.2.0

Security checks across malware telemetry and agentic risk

Overview

The finance features are mostly coherent, but the optional Twitter/X scanners require sensitive session cookies and run an external tool with broader access than users may expect.

Review carefully before installing. Use the main stock, portfolio, watchlist, and hot-scan features without Twitter/X when possible, especially with --no-social. If you enable Twitter/X, treat AUTH_TOKEN and CT0 like passwords, keep .env out of source control, avoid granting Terminal Full Disk Access, and rotate or revoke X sessions if those tokens may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
for category, query in searches:
                try:
                    env = os.environ.copy()
                    result = subprocess.run(
                        [bird_bin, "search", query, "-n", "15", "--json"],
                        capture_output=True, text=True, timeout=30, env=env
                    )
Confidence
94% confidence
Finding
result = subprocess.run( [bird_bin, "search", query, "-n", "15", "--json"], capture_output=True, text=True, timeout=30, env=env

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The documentation materially expands the skill's data collection beyond a Yahoo Finance-centered stock analysis tool to include Google News, CoinGecko, Twitter/X, and Reddit. This creates a scope/transparency mismatch that can mislead users and reviewers about what external services are contacted and what kinds of data may be processed, especially when social platforms and news aggregation are involved.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The Twitter/X setup instructs users to install a third-party CLI and obtain live authentication material via browser cookies, including guidance to grant Terminal Full Disk Access. Handling auth_token and ct0 values this way significantly raises the risk of credential theft, session hijacking, or overbroad local access if the tool, shell history, environment, or machine is compromised.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The Twitter/X scan invokes an external CLI and forwards the current environment, which may include secrets loaded earlier from `.env`. That creates a realistic path for credential exposure to the child process, its plugins, logs, crash reports, or any malicious replacement of the `bird` executable.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The script reads a local `.env` file and injects every key/value pair into the process environment without scoping. In this file, that becomes dangerous because later code copies and forwards the environment to a subprocess, potentially exposing credentials unrelated to stock scanning.

Missing User Warnings

Medium
Confidence
76% confidence
Finding
The roadmap includes push notifications, analytics, and business-metric tracking without a clear user-facing privacy notice or consent model. In a finance-related app, silent collection of behavioral data and notification-driven engagement can expose sensitive investment interests and create compliance/privacy risk if users are not adequately informed.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README instructs users to extract authentication cookies for Twitter/X from browser developer tools and store them in a local .env file. These tokens are effectively session credentials; if exposed through logs, backups, source control, shell history, or local compromise, an attacker could hijack the user's account and access or act through it without needing a password.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The documentation states that portfolio and watchlist data are stored under the user's home directory, but it does not clearly warn users before data is persisted or describe retention/removal behavior. Even if the stored data is not highly sensitive by default, investment holdings and watchlists can reveal financial interests and trading intent, so silent persistence creates a privacy risk.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The instructions explicitly tell users to grant Terminal Full Disk Access and manually extract Twitter cookies without any warning about the sensitivity of those credentials or the consequences of exposing them. This normalizes insecure operational practices and can directly enable theft of active session tokens, broader host compromise exposure, and unauthorized account access.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The script reads a local .env file and injects all parsed keys into the process environment before invoking an external CLI. That can expose more secrets than necessary to child processes and increases the blast radius if the external tool is compromised, logs its environment, or behaves unexpectedly.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal