Tqsdk Futures Api

Security checks across malware telemetry and agentic risk

Overview

This finance skill is not clearly malicious, but it mixes TqSdk futures branding with ZVT stock/crypto workflows and unclear trading credential boundaries.

Install only after confirming whether you want a TqSdk futures skill or a ZVT A-share/HK/crypto backtesting skill. Do not provide broker, wallet, exchange, paid data-provider, or live trading credentials unless the skill is corrected to define exact scope, simulation defaults, permissions, and confirmation steps.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The skill is branded and described as a TqSdk futures interface, but these lines broaden scope to A-share, HK, crypto, and unrelated providers such as eastmoney, joinquant, baostock, akshare, and qmt. This kind of scope drift can cause an agent to select the wrong market, data source, or execution logic, leading to unsafe automation, incorrect financial outputs, or misuse of a skill outside its verified domain.

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The document presents itself as a futures API, but the surrounding workflow and use-case framing describe stock/index research behavior centered on A-share semantics. In an agent setting, this inconsistency can misroute user requests and produce trading or backtesting actions using the wrong asset assumptions, which is especially risky in finance where market structure and identifiers differ materially.

Description-Behavior Mismatch

High
Confidence: 96%
Finding
The human summary describes a different product domain (ZVT for A-share/HK/crypto quant workflows) than the declared skill metadata (TqSdk for Chinese futures/options). This mismatch can cause the agent to invoke the wrong skill, generate incorrect code or data workflows, and mislead users about market coverage and capabilities; in an automated system, that can result in erroneous trading actions or unsafe downstream decisions.

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The seed content is materially inconsistent with the declared skill identity: the metadata says TqSdk futures, but the operational logic, preconditions, user-facing text, and constraints target ZVT and A-share workflows. This can cause the host to install the wrong packages, run the wrong commands, and generate incorrect code or trading behavior under a false skill label, which is a serious integrity and safety issue for an execution-capable finance skill.

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The capability tags and injected constraints declare cn-astock/backtesting semantics, while the skill is presented as a TqSdk futures API skill. This mismatch can drive incorrect guardrails, compliance rules, execution assumptions, and user guidance, potentially leading to wrong market behavior or unsafe autogenerated trading logic.

Intent-Code Divergence

High
Confidence: 99%
Finding
The user-facing persona explicitly claims the skill helps build A-share strategies with ZVT, directly contradicting the declared TqSdk futures identity. In an agent setting, misleading user-facing guidance is dangerous because it can steer users into executing the wrong framework, wrong broker/account flow, or wrong market assumptions without noticing the discrepancy.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger keywords are generic terms like demo, quote, price, volatility, and option, which are common across many unrelated finance requests. Overbroad triggers increase the chance that the agent activates this skill unintentionally, causing incorrect tool selection, domain confusion, and potentially unsafe generation of finance-related code or recommendations under the wrong assumptions.

Vague Triggers

Medium
Confidence: 93%
Finding
The execute condition is ambiguous because it relies on broad intent matching plus common action verbs like run, execute, 跑, 执行, backtest, fetch, and collect without clear precedence or exclusion rules. In an autonomous agent, this can lead to accidental invocation on ordinary conversational requests, increasing the risk of unintended data access, backtest execution, or finance workflow generation.

Vague Triggers

Medium
Confidence: 78%
Finding
The summary uses expansive language such as 'Just tell me what you want; I'll write the code,' which can over-broaden routing and cause the skill to be selected for generic quant or trading requests outside its intended scope. In combination with the already-misaligned description, this increases the chance of inappropriate invocation and unreliable outputs, especially in agentic environments that rely on natural-language summaries for tool selection.

Vague Triggers

Medium
Confidence: 84%
Finding
The execute trigger combines broad intent matching with generic action verbs like run/execute/fetch/collect, which increases the chance of accidental invocation. In a finance/trading skill, unintended execution can trigger installs, data pulls, or strategy actions from ambiguous user requests, creating avoidable operational risk.

VirusTotal

65/65 vendors flagged this skill as clean.