tushare-finance

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Tushare financial-data helper with some broad Python and data-export behavior users should handle carefully, but I found no hidden, destructive, or exfiltration behavior.

Install only if you are comfortable giving the agent Python execution for Tushare/Pandas workflows and access to your Tushare token. Keep the token out of shared dotfiles or repositories, prefer a session environment variable or secret manager, and direct exports only to intended project folders. Treat the bundled reference as broad Tushare documentation, not strictly finance-only documentation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
This documented interface exposes nationwide film script filing data, which is outside the skill's declared finance-market and macroeconomic scope. Scope drift in a skill increases the chance that an agent may access unrelated datasets without user expectation, weakening least-privilege boundaries and potentially enabling unauthorized or inappropriate data retrieval.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The documented API exposes nationwide TV drama filing and publicity records, which is unrelated to the skill’s declared purpose of finance and macroeconomic market data. This kind of scope expansion increases the attack surface and can enable unauthorized or unexpected data access through a skill users and downstream systems would reasonably trust only for financial datasets.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
Providing entertainment-regulatory record data under a finance-market data skill is a capability mismatch that can mislead users, policy layers, or automated routing into granting access broader than intended. While the data shown is not obviously highly sensitive, the dangerous part is the unjustified expansion beyond the declared trust boundary of the skill.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The file expands the skill from finance and macroeconomic data into a broad national policy/regulatory text repository, which is outside the declared scope. This scope drift can cause the agent to retrieve and rely on unexpected non-financial content, weakening least-privilege assumptions, confusing routing/authorization boundaries, and increasing the chance of misuse or prompt/data overreach.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
This documented interface is materially outside the skill’s declared scope of finance-market and macroeconomic data, expanding the tool into general political/news transcript retrieval. That scope drift can cause inappropriate tool invocation, unexpected data handling, and policy misalignment, especially because the content is politically sensitive and could be surfaced to users under a finance-oriented trust boundary.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The `export_data` method allows writing retrieved data to an arbitrary local path, but this file-write capability is not reflected in the skill's stated purpose of financial data retrieval. In an agent setting, unscoped file output can be abused to overwrite local files, place data in sensitive locations, or persist data unexpectedly beyond the user's intent.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The code accepts an arbitrary `output_file` path and writes CSV/JSON/Excel content directly to it without path restrictions, overwrite protections, or authorization checks. Even though the data being exported is financial data, the dangerous part is the generic filesystem write primitive, which expands the skill from data retrieval into local state modification.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README instructs users to place the Tushare token directly in shell startup files and a YAML config in plaintext, but does not warn that this can expose credentials via dotfile backups, shell history, screen sharing, repo commits, or permissive filesystem access. This is not malware, but it is an insecure credential-handling practice that can lead to token leakage and unauthorized API use.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The document exposes and exemplifies access to personal profile fields for listed-company managers, including name, gender, nationality, birthday, and free-text resume, without any privacy warning, minimization guidance, or usage restrictions. Even if this data originates from public market disclosures, aggregating it into an easy-to-query API increases privacy and profiling risk, especially when combined with other datasets.

Missing User Warnings

Low
Confidence
83% confidence
Finding
The documentation explicitly states this is a crawler-based interface pulling data from external websites and not through Tushare servers, but it does not clearly warn users at the point of use that invoking the API triggers third-party network access and may have privacy, compliance, or availability implications. In an agent/tooling context, this matters because a user may believe they are querying only a trusted platform while the skill actually reaches external sources, which can create unexpected data disclosure (IP/account linkage), legal/compliance, or reliability risks.

Natural-Language Policy Violations

Medium
Confidence
83% confidence
Finding
The document embeds mandatory ideological framing ('学习贯彻我党的重要指示精神', '弘扬社会主义新价值观') rather than presenting the dataset in neutral technical terms. In an agent skill, this can bias generated outputs, create hidden behavioral constraints, and increase the risk that the tool is used to inject political persuasion or propagandistic framing into otherwise neutral finance workflows.

Unpinned Dependencies

Low
Category
Supply Chain
Content
tushare>=1.2.60
pandas>=1.5.0
Confidence
92% confidence
Finding
tushare>=1.2.60

Unpinned Dependencies

Low
Category
Supply Chain
Content
tushare>=1.2.60
pandas>=1.5.0
Confidence
95% confidence
Finding
pandas>=1.5.0

VirusTotal

64/64 vendors flagged this skill as clean.
