A Stock Quant Lab

Security checks across malware telemetry and agentic risk

Overview

This is a coherent quant-research skill, but it includes broker, credentialed, live-trading, scheduled, and broader-market workflows that are not clearly bounded by the A-share/backtest description.

Install only if you intend to use a finance automation skill with market-data downloads, local databases, and possible broker/account integrations. Keep workflows in backtest or simulation mode by default, pin dependencies in a virtual environment, set a project-specific ZVT_HOME, and do not provide JoinQuant, QMT, email, or Eastmoney credentials unless the exact action, destination, symbol, quantity, schedule, and stop/rollback behavior are clear.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

Severity: Medium | Confidence: 95%
The human summary contradicts the declared skill scope by advertising support for HK and crypto despite the metadata stating the skill is limited to China A-shares. This mismatch can cause users or downstream agents to invoke the skill outside its validated domain, leading to incorrect code generation, misuse of unsupported providers, and unsafe assumptions about data coverage and trading behavior.

Description-Behavior Mismatch

Severity: High | Confidence: 95%
The seed materially expands scope beyond the manifest by routing US indices/equities, Hong Kong stocks, futures, currencies, and cross-asset comparisons. This kind of scope drift is dangerous because hosts or users may trust the narrower A-share-only description while the skill can activate broader market logic, data paths, and behaviors than expected.

Description-Behavior Mismatch

Severity: High | Confidence: 94%
The manifest markets the skill as a data/factor/backtest lab, but the seed includes live-trading and broker execution capabilities. This is a security-relevant mismatch because execution-capable skills carry meaningfully higher risk than research-only skills, especially if users or orchestration layers rely on the safer description.

Intent-Code Divergence

Severity: Medium | Confidence: 91%
The user-facing summary says the skill helps with A-shares, HK, and crypto while the manifest says A-shares only. This inconsistency can mislead users and automation about what markets are in scope, increasing the chance of inappropriate invocation, bad assumptions, or execution in unsupported contexts.

Vague Triggers

Severity: Medium | Confidence: 89%
The execute trigger is defined with broad natural-language conditions combining loosely matched intent terms and generic action verbs such as run, execute, 跑, and fetch. In an agent setting, this can cause unintended activation during ordinary discussion, leading the skill to initiate data collection, backtesting, or code generation without sufficiently explicit user confirmation.

Vague Triggers

Severity: Medium | Confidence: 84%
Short quoted trigger examples like '跟机构持仓' or 'MACD 回测' are ambiguous and may overlap with normal conversational references to trading topics. This raises the risk that the skill interprets exploratory discussion as an operational command, especially because the skill advertises that it will directly write and run code.

Vague Triggers

Severity: Medium | Confidence: 88%
The execute trigger is keyed on broad positive terms plus generic action verbs like run/execute/backtest/fetch/collect. Such loose matching can cause unintended activation for ordinary analytical requests, which is risky in a skill that includes data collection, backtesting, and even execution-related pathways.

Vague Triggers

Severity: Medium | Confidence: 86%
The intent router enumerates many broad capability terms and some ambiguity questions, but the trigger surface remains large relative to the skill's power. In context, that makes accidental or over-broad routing more dangerous because the same file also defines sensitive data and trading behaviors.

VirusTotal

62/62 vendors flagged this skill as clean.