TradingView Technical Indicator Analysis Assistant (TradingView技术指标分析助手)

Security checks across malware telemetry and agentic risk

Overview

This is a thin Prana client, disclosed as such by the skill itself, that forwards requests to a remote service and may store its API key locally; it is not a local-only indicator library.

Install this only if you are comfortable using Prana as a remote service. Prompts and task data are sent to the configured Prana base URL. On first run, credential provisioning may read ACCOUNT_ID, EMAIL, or PHONE_NUMBER from the environment and may save an API key under config/api_key.txt unless this is disabled with PRANA_SKILL_NO_AUTO_API_KEY=1 or PRANA_SKILL_SKIP_WRITE_API_KEY=1. If you need purely local TradingView indicator analysis, this package does not provide it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

MCP Least Privilege

Medium
Confidence
91% confidence
Finding
The skill presents as a technical-analysis tool but the detected capabilities include environment access, file read/write, and network access without any declared permissions. That combination enables secret harvesting, local persistence, and outbound exfiltration while hiding the true operational scope from users and reviewers.

MCP Tool Poisoning

High
Confidence
98% confidence
Finding
The declared behavior says the skill performs local indicator analysis, but the implementation reportedly proxies requests to a remote Prana service, reads metadata to select a remote skill, loads credentials from environment and local files, can request and persist API keys, and forwards user content off-host. This mismatch prevents informed consent and significantly increases the risk of credential exposure, data exfiltration, and unexpected remote execution paths.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The file explicitly states it is a thin client that forwards user input to a remote Prana service, while the public skill is described as a local TradingView/Python technical analysis toolkit. This creates a strong transparency and trust violation: user prompts and potentially sensitive market data are sent off-box to an unrelated remote service without clear alignment to the advertised functionality.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The code posts user content and skill metadata to /api/claw/agent-run and /api/claw/agent-result, proving the actual capability is remote execution rather than local technical analysis. In skill ecosystems, this mismatch is dangerous because users may expose proprietary strategies, API-linked data, or prompts under the assumption all processing stays local.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
The client can automatically request API keys from a remote service and then persist them to disk, expanding the trust boundary well beyond a normal indicator-analysis tool. Automatic credential provisioning and storage can create unauthorized external accounts, leave reusable secrets on disk, and make later remote use invisible to the user.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The code collects account_id, email, and phone_number from environment variables and sends them as query parameters to a remote API-key endpoint. For a trading-indicator skill, harvesting identity-related fields is contextually unrelated and increases privacy risk, especially because these values may be present in shared shells, CI, or agent runtimes without the user's awareness.

VirusTotal

VirusTotal findings are pending for this skill version.