Investment Research Report Assistant (投资研究报告助手)

Security checks across malware telemetry and agentic risk

Overview

The skill largely matches its stock-analysis purpose, but it needs review because it ships an apparent hard-coded Tavily API key and its credential documentation conflicts with the packaged files.

Review or remove tavily_config.py before installing, do not rely on the bundled Tavily key, and configure your own key only if you are comfortable sending stock/news search queries to Tavily. Install in an isolated environment and consider pinning dependencies before operational use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README states that stock analysis will automatically perform Tavily searches, but it does not clearly warn users that stock codes, company names, industry terms, and related prompts may be transmitted to a third-party service. In an investment-analysis context, this can expose user research interests, watchlists, or proprietary analysis activity, creating a real privacy and data-governance issue even if no obvious secret is sent.

Missing User Warnings

Medium
Confidence
76% confidence
Finding
The skill sends stock name, symbol, and industry-derived queries to Tavily, an external service, without an explicit consent or disclosure point at the call site. In an agent environment, this creates a privacy and data-governance risk because user-provided or context-derived inputs are transmitted off-platform, potentially revealing research interests, portfolio targets, or proprietary watchlists.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
A Tavily API key is hardcoded directly in source code, which is a real secret-exposure vulnerability. If this file is shared, committed to version control, or packaged with the skill, anyone who obtains it can use the key to consume the account quota, incur charges, or abuse the associated Tavily access; in an agent skill that performs external search, the operational context makes this more dangerous because the credential is intended for live network use.

Unpinned Dependencies

Low
Category
Supply Chain
Content
baostock>=0.8.8      # A-share historical data (primary data source)
pandas>=2.0.0        # data processing and analysis
numpy>=1.24.0        # numerical computation
dotenv>=0.9.9
# Report generation
reportlab>=4.0.0     # PDF generation
Confidence
91% confidence
Finding
dotenv>=0.9.9

Known Vulnerable Dependency: reportlab — 6 advisory(ies): CVE-2023-33733 (Reportlab vulnerable to remote code execution); CVE-2020-28463 (Server-side Request Forgery (SSRF) via img tags in reportlab); CVE-2019-19450 (ReportLab vulnerable to remote code execution via paraparser) +3 more

Critical
Category
Supply Chain
Confidence
93% confidence
Finding
reportlab

VirusTotal

65/65 vendors flagged this skill as clean.
