Market Oracle

Security checks across malware telemetry and agentic risk

Overview

Market Oracle is a disclosed finance-analysis skill that fetches public news and market data, with no evidence of hidden credential access, persistence, trading, or destructive behavior.

Install this if you are comfortable with a Python finance tool contacting external news and market-data services. Use public news URLs only, consider running setup in a virtual environment, and treat outputs as informational analysis rather than investment advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 94%
Finding:
The skill instructs the agent to execute local Python tools that fetch remote news and market data, implying shell execution, network access, and likely file reads, yet no permissions are declared. This creates a transparency and policy-enforcement gap: the skill can perform sensitive actions users or the platform may not expect, making misuse or overreach harder to control.

Vague Triggers

Medium
Confidence: 88%
Finding:
The activation phrases include very broad financial terms such as '黄金', '股票', 'bitcoin', and 'market analysis', which can match ordinary conversation and trigger the skill unintentionally. Unintended invocation matters more here because the workflow can launch external data fetches and analysis tools, causing unnecessary network activity, confusing context switches, or disclosure of user prompts to third-party data sources.

VirusTotal

65/65 vendors flagged this skill as clean.
