ClawHub

A Share Stock Dossier

Security checks across malware telemetry and agentic risk

Overview

This stock-analysis skill is transparent about using web research and market-data APIs, with no evidence of hidden credential use, persistence, or destructive behavior.

Install only if you want an agent to perform web-heavy A-share stock research and run the included market-data helper. Avoid putting unnecessary personal financial details into prompts, verify important facts independently, and do not treat generated portfolio actions as automatic trading instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill explicitly instructs use of network-capable tools (`web_search`, `web_fetch`, `browser`) and external market-data scripts, yet no permissions are declared. Undeclared network capability weakens sandboxing and review assumptions, increasing the chance of unvetted outbound access, data exfiltration, or SSRF-style misuse if the runtime honors the behavior rather than the manifest.

Tp4

High
Category
MCP Tool Poisoning
Confidence
80% confidence
Finding
A large description-behavior mismatch is a security and trust problem because users and reviewers may approve the skill for analyst-grade, evidence-bound workflows while the actual implementation lacks those safeguards and verification steps. That can lead to unsafe reliance on incomplete or fabricated analysis, hidden capability gaps, and misuse of tools under false expectations.

Vague Triggers

Medium
Confidence
77% confidence
Finding
The invocation text uses broad, common trigger phrases covering many stock-analysis scenarios without tight boundaries. Over-broad activation can cause the skill to run in unintended contexts, leading to unnecessary tool use, overcollection from the web, and financially sensitive advice generation when the user did not clearly request this specialized workflow.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal