ClawHub

Stock Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed stock-monitoring tool that polls financial data sources and can run as a user-started background monitor, with no evidence of credential theft, destructive actions, or hidden execution.

Install only if you are comfortable with a background process polling third-party financial sites for the stock codes and names in its watchlist. Treat its buy/sell/hold-style suggestions as informational alerts, not professional financial advice, and use the provided stop command when continuous monitoring is no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill appears to require network access for market/news retrieval and continuous monitoring, but no permissions are declared in the manifest. Undeclared network capability weakens transparency and consent, making it harder for users or a hosting platform to understand what external access the skill will perform.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The documented/observed behavior goes well beyond simple stock alerts into news scraping, sentiment analysis, capital-flow tracking, macro analysis, and investment advice. This scope expansion is dangerous because users may grant trust based on a narrow monitoring description while the skill performs broader data collection, external fetching, and advisory functions with different risk and compliance implications.

Description-Behavior Mismatch

Medium
Confidence
81% confidence
Finding
The documentation markets the tool as an 'intelligent advisory system' with analysis and recommendations, while the manifest presents it as a monitoring/alert skill. This mismatch can mislead users about the degree of autonomy, external data use, and decision-support functionality, increasing the chance of unsafe reliance or unexpected behavior.

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The changelog advertises news and sentiment-analysis capabilities that are outside the stated seven-rule alert scope. Hidden or under-declared functionality is a security and trust issue because it suggests the effective behavior may exceed what users or reviewers expect from the manifest.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal