ClawHub

Yfinance Market Data

Security checks across malware telemetry and agentic risk

Overview

This skill is listed as a Yahoo Finance data helper, but its own files also steer agents toward ZVT backtesting, strategy generation, broker/provider credential use, local writes, and skill creation.

Install only if you want a broader finance/quant assistant, not merely a Yahoo Finance data lookup skill. Review any workflow before allowing package installs, local data initialization, broker or paid-provider credentials, generated code, result-file writes, or saved skill files, and do not rely on its data for live trading without independent verification.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (17)

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The skill is advertised as a Yahoo Finance market-data retrieval capability, but the documented pipeline expands into factor computation, target selection, trading execution, and visualization. This scope drift is dangerous because an orchestrator or user may authorize a low-risk data skill while actually enabling higher-risk trading behavior and downstream decision-making not disclosed by the manifest.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The documentation asks for non-Yahoo providers, broker-adjacent sources, and strategy/backtest parameters, which materially exceeds the stated yfinance-only data-access purpose. This can mislead routing and permission decisions, causing a supposedly read-only finance data skill to collect broader inputs and participate in investment or execution workflows.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The title and description frame the artifact as a yfinance market-data skill, while the embedded content describes trading and broker-oriented behavior. This inconsistency weakens trust boundaries and can cause users or calling systems to invoke the skill under false assumptions about what it may do.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The human summary materially conflicts with the declared skill purpose: instead of a Yahoo Finance global market-data skill, it describes a ZVT-based A-share/HK/crypto quant research and backtesting assistant. This kind of capability/identity mismatch is dangerous because it can mislead the agent or user into invoking the wrong tools, generating code for unsupported systems, or handling requests outside the reviewed security boundary.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The file defines trading and backtesting semantic locks plus ZVT-specific operational preconditions, which materially exceed and conflict with the declared purpose of a Yahoo Finance market-data retrieval skill. This kind of capability mismatch can mislead downstream agents into attempting strategy or trade-related actions, introduce unsafe assumptions, and pull in unrelated tooling and stateful side effects.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The documented constraints include sell/buy execution ordering, next-bar execution, factor pipeline ordering, and signal schema rules that belong to a trading or strategy engine rather than a read-only market-data skill. In context, these instructions can cause an agent to over-trust hidden functionality or misuse the skill for portfolio actions that the user did not request.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The preconditions instruct installation, initialization, and recorder execution for the unrelated ZVT framework, despite the skill being described as Yahoo Finance market-data retrieval. This unnecessary dependency expansion increases attack surface, can trigger unexpected code execution or local filesystem modification, and may confuse agents into performing side-effectful setup outside the declared skill boundary.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The seed content materially diverges from the advertised skill purpose: instead of a bounded Yahoo Finance market-data retriever, it embeds a far broader ZVT/A-share strategy, backtesting, trading, storage, validation, and execution framework. This kind of capability mismatch is dangerous because users and host policy may grant permissions or trust based on the benign market-data description while the artifact can steer execution into unrelated, higher-risk behaviors.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The user-facing summary says the skill helps build A-share quant strategies with ZVT, which directly contradicts the Yahoo Finance market-data metadata. Contradictory documentation increases the chance of unsafe invocation and informed-consent failure, because users may trigger code generation or trading workflows they did not expect from a data-fetching skill.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
Defining trading and backtesting execution flows inside a market-data skill expands the operational blast radius from passive retrieval to potentially consequential financial-action support. Even if no live orders are placed here, execution-oriented scaffolding can generate misleading or unsafe strategy artifacts under the guise of a low-risk data skill.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
Automatic code generation, workspace writes, and skill-saving are unnecessary for a simple market-data fetcher and create persistence and lateral-behavior risks. A user asking for data could unintentionally cause files to be written or durable skills to be created, which is a meaningful escalation of effect beyond the declared purpose.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The execute trigger is based on broad intent matching plus generic action verbs rather than an explicit invocation phrase. In an agent environment, this increases the chance of accidental activation during normal discussion about finance, data collection, or backtesting, potentially causing unintended external calls or workflow execution.

Vague Triggers

Medium
Confidence
80% confidence
Finding
Several trigger terms, such as timezone, validation, repair, and historical data, are generic enough to appear in ordinary conversation. Overbroad triggers raise the risk that the skill activates outside the user's intent, especially in multi-tool agent systems where activation may cascade into data retrieval or trading-related flows.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The execute trigger is overly broad, matching common verbs like run, execute, fetch, and collect. This raises the risk of unintended activation, especially when combined with the skill's hidden broader capabilities, allowing ordinary user phrasing to trigger workflows with side effects.

Vague Triggers

Medium
Confidence
85% confidence
Finding
Several sample triggers are generic phrases that do not clearly constrain which capability will run. In a skill already suffering from scope confusion, vague triggers increase the chance that users invoke data collection, screening, or execution-adjacent behavior without realizing which path the system selected.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill promotes live trading or streaming behavior without a clear upfront warning that Yahoo-derived data is delayed and best-effort. In financial contexts this is especially dangerous because users may rely on stale or incomplete data for time-sensitive decisions, leading to monetary loss.

Missing User Warnings

Medium
Confidence
79% confidence
Finding
The dismissive note about US stock support being 'half-baked' is not an adequate safety disclosure. It signals reliability problems but fails to state concrete risks such as incomplete coverage, data errors, and unsuitability for decision-making, which may lull users into proceeding anyway.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal