ClawHub

Vnstock Environment Setup for Python Vibe Coding

Security checks across malware telemetry and agentic risk

Overview

This Vnstock setup skill is not clearly malicious, but it can run high-impact installers and persistently overwrite project and agent-guidance files.

Install only in a clean or backed-up project. Before running setup_agent_guide.py, review the remote guide source and confirm exactly which docs, skills, AGENTS.md, CLAUDE.md, and Git changes will be made. Avoid pipe-to-bash Sponsor installation unless you trust and verify the source, and do not pass API keys through inline remote shell commands if a safer installer or manual flow is available.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (14)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill clearly directs shell execution, environment inspection, and filesystem modification, yet no explicit permission model is declared. That gap can let an agent perform sensitive actions without transparent gating or user-approved scope, increasing the chance of unintended system changes.

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
The stated purpose sounds like diagnostics and setup, but the behavior described by the analyzer extends into repository modification, Git configuration, remote cloning, and overwriting local content. This mismatch is dangerous because users and agents may authorize the skill under a narrower trust model than the actions it can actually take.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script goes beyond environment diagnostics and performs broad repository mutation: it initializes git, stages files, creates commits, clones remote content, overwrites selected skills, and replaces the docs directory. In an agent-skill context, this is dangerous because running a seemingly setup-oriented skill can silently alter project state and implant or replace operational guidance files that influence later agent behavior.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The script installs system software and invokes privileged package-manager commands, including sudo apt-get and a downloaded Windows installer, even though the advertised purpose is environment setup/diagnostics. In a skill context, this increases danger because users may authorize the skill expecting local validation, not system-wide package installation with elevated privileges and external binary retrieval.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs piping remote content directly into bash without a prominent user-facing warning, integrity verification, or review step. This allows arbitrary code from the network to execute immediately on the host, which could lead to full compromise if the remote endpoint or delivery path is malicious or tampered with.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script silently stages all files, sets git identity, and creates commits without explicit user consent. This can capture sensitive or unrelated workspace content into version control and alters audit history under an agent-controlled identity, which is especially risky in an automation/skill setting where users may not expect repository writes.

Missing User Warnings

High
Confidence
99% confidence
Finding
The script deletes and replaces existing skill directories and the docs directory, with only a single flag for docs and no per-operation confirmation for skills. This can destroy local customizations and replace agent-instruction files with remote content, creating both integrity risk and a supply-chain-like path for changing future agent behavior.

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
Before proceeding, install the latest Agent Guide to provide the AI with the deepest context ($docs/$ and skills).

1. **Check for existing docs:** `ls -d docs/ 2>/dev/null`
2. **Request Permission:** If `docs/` exists, you MUST pause and ask the user (e.g. using `notify_user`): *"Thư mục `docs/` đã tồn tại. Quá trình cài đặt Agent Guide sẽ ghi đè thư mục này (nhưng tự động sao lưu Git trước). Bạn có đồng ý không?"*
3. **Execute Setup:**
```bash
# Mac/Linux (append --confirm-docs-overwrite if permission was granted)
Confidence
73% confidence
Finding
Permission:*

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
# Vnstock Environment Setup & Diagnostics

> **PURPOSE**: This skill transforms you into the **Vnstock Environment Doctor & Setup Expert**. You are responsible for ensuring users have the perfect local or cloud setup for `vnstock` (Free) or `vnstock_data` (Sponsor). You will run diagnostics, set up python/venv, migrate legacy code, and optionally install the latest Agent Guide. **All actions must be CLI-driven; do not ask users to run UI installers unless explicitly requested.**

## ⚡ TRIGGER DETECTION
Confidence
78% confidence
Finding
do not ask user

Session Persistence

Medium
Category
Rogue Agent
Content
2. **Request Permission:** If `docs/` exists, you MUST pause and ask the user (e.g. using `notify_user`): *"Thư mục `docs/` đã tồn tại. Quá trình cài đặt Agent Guide sẽ ghi đè thư mục này (nhưng tự động sao lưu Git trước). Bạn có đồng ý không?"*
3. **Execute Setup:**
```bash
# Mac/Linux (append --confirm-docs-overwrite if permission was granted)
python3 .agents/skills/vnstock-env-setup/scripts/setup_agent_guide.py

```powershell
Confidence
71% confidence
Finding
write if permission was granted) python3 .agents/skills/vnstock-env-setup/scripts/setup_agent_guide.py ```powershell # Windows (append --confirm-docs-overwrite if permission was granted) py .agents/s

External Script Fetching

High
Category
Supply Chain
Content
| **3. Create Venv (Win)**| `py -m venv $env:USERPROFILE\.venv; & "$env:USERPROFILE\.venv\Scripts\Activate.ps1"` |
| **4. Install Dependencies**| `pip install -r https://vnstocks.com/files/requirements.txt` |
| **5. Free Tier Setup** | `pip install vnstock -U` |
| **6. Sponsor Tier Setup** | **Linux**: `wget -qO- https://vnstocks.com/files/vnstock-cli-installer.run \| bash -s -- --non-interactive --api-key "API_KEY"`<br>**Mac**: `curl -fsSL https://vnstocks.com/files/vnstock-cli-installer.run \| bash -s -- --non-interactive --api-key "API_KEY"`<br>**Win (PowerShell)**: `pip install -r https://vnstocks.com/files/requirements.txt; pip install --extra-index-url https://vnstocks.com/api/simple vnstock_installer; py -m vnstock_installer` |
| **7. Agent Guide Install** | **Mac/Linux:** `python3 .agents/skills/vnstock-env-setup/scripts/setup_agent_guide.py --confirm-docs-overwrite`<br>**Win:** `py .agents/skills/vnstock-env-setup/scripts/setup_agent_guide.py --confirm-docs-overwrite` |

---
Confidence
99% confidence
Finding
curl -fsSL https://vnstocks.com/files/vnstock-cli-installer.run \| bash

External Script Fetching

High
Category
Supply Chain
Content
wget -qO- https://vnstocks.com/files/vnstock-cli-installer.run | bash -s -- --non-interactive --api-key "USER_API_KEY" --accept

# Mac
curl -fsSL https://vnstocks.com/files/vnstock-cli-installer.run | bash -s -- --non-interactive --api-key "USER_API_KEY" --accept

# Windows (PowerShell)
pip install --extra-index-url https://vnstocks.com/api/simple vnstock_installer
Confidence
99% confidence
Finding
curl -fsSL https://vnstocks.com/files/vnstock-cli-installer.run | bash

External Script Fetching

High
Category
Supply Chain
Content
| **3. Create Venv (Win)**| `py -m venv $env:USERPROFILE\.venv; & "$env:USERPROFILE\.venv\Scripts\Activate.ps1"` |
| **4. Install Dependencies**| `pip install -r https://vnstocks.com/files/requirements.txt` |
| **5. Free Tier Setup** | `pip install vnstock -U` |
| **6. Sponsor Tier Setup** | **Linux**: `wget -qO- https://vnstocks.com/files/vnstock-cli-installer.run \| bash -s -- --non-interactive --api-key "API_KEY"`<br>**Mac**: `curl -fsSL https://vnstocks.com/files/vnstock-cli-installer.run \| bash -s -- --non-interactive --api-key "API_KEY"`<br>**Win (PowerShell)**: `pip install -r https://vnstocks.com/files/requirements.txt; pip install --extra-index-url https://vnstocks.com/api/simple vnstock_installer; py -m vnstock_installer` |
| **7. Agent Guide Install** | **Mac/Linux:** `python3 .agents/skills/vnstock-env-setup/scripts/setup_agent_guide.py --confirm-docs-overwrite`<br>**Win:** `py .agents/skills/vnstock-env-setup/scripts/setup_agent_guide.py --confirm-docs-overwrite` |

---
Confidence
99% confidence
Finding
wget -qO- https://vnstocks.com/files/vnstock-cli-installer.run \| bash

External Script Fetching

High
Category
Supply Chain
Content
**If they are a Sponsor User (requires API key):**
```bash
# Linux
wget -qO- https://vnstocks.com/files/vnstock-cli-installer.run | bash -s -- --non-interactive --api-key "USER_API_KEY" --accept

# Mac
curl -fsSL https://vnstocks.com/files/vnstock-cli-installer.run | bash -s -- --non-interactive --api-key "USER_API_KEY" --accept
Confidence
99% confidence
Finding
wget -qO- https://vnstocks.com/files/vnstock-cli-installer.run | bash

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal