StockBuddy

Security checks across malware telemetry and agentic risk

Overview

StockBuddy appears to be a real stock-analysis tool, but it needs review because setup can alter system Python and an automatic database migration can delete stored positions.

Review the scripts before installing. Prefer a virtual environment instead of running install_deps.sh on system Python, and back up ~/.stockbuddy/stockbuddy.db before first use or upgrade. Confirm before allowing the skill to read or modify portfolio, account, cash, or watchlist data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill directs the agent to run local scripts that write to a SQLite database under the user's home directory and fetch market data from network sources, yet it declares no permissions or capability boundaries. This creates a transparency and policy-enforcement gap: a host system may allow the skill to perform file writes and network access without explicit user or platform awareness, increasing the risk of unintended persistence or external data exfiltration paths.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The script performs persistent state changes during what is presented as an analysis operation: it writes watchlist metadata and caches analysis/news/event data to a local database. In an agent context, hidden writes can violate user expectations, create privacy/retention issues, and allow unreviewed side effects from a seemingly read-only skill.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The description and trigger language are broad enough to activate on generic finance conversations such as buy/sell advice, portfolio review, or practical trading actions. Over-broad invocation can cause the skill to capture conversations outside the user's intended scope and then invoke scripts with persistence or network behavior, which raises the chance of unintended actions or data handling.

Missing User Warnings

Low
Confidence
75% confidence
Finding
The script writes JSON output to an arbitrary user-specified path and overwrites the target file without confirmation or safety checks. In an agent or automated execution setting, this can clobber existing files or write into unintended locations if the output path is attacker-controlled or derived from untrusted input.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal