akshare-local-workbench

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local AKShare financial-data workbench, with optional user-configured AI features that need privacy care but do not show hidden or malicious behavior.

Install only if you are comfortable running a local financial-data workbench that installs Python/npm dependencies and contacts public data providers. If you enable AI, use a provider you trust, avoid entering sensitive financial/account information into chat, and treat the local ai_config.json file as a secret because it stores the API key in plaintext.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings (Medium, 84% confidence)

Finding: The code persists a plaintext API key to a local JSON file on disk without any protections such as OS keychain storage, file-permission hardening, encryption, or user disclosure. Even in a single-user local tool, other local users, malware, backups, logs, or accidental file exposure can recover the credential and use it to access the configured AI provider.

Missing User Warnings (Medium, 95% confidence)

Finding: The code forwards the full conversation history and a catalog/context payload to a third-party LLM endpoint via requests.post, but this file shows no consent gate, minimization, or disclosure before transmitting potentially sensitive user content. In a financial-data workbench, prompts may include investment interests, symbols, account-related notes, or proprietary research context, so silent external exfiltration to a model provider creates a real privacy and compliance risk.

Missing User Warnings (Medium, 90% confidence)

Finding: The component sends the user's natural-language prompt and prior chat history to the external AI planning service via aiPlan(history), but the UI only indicates that an AI model must be configured and does not clearly warn that entered data will be transmitted to a third-party model provider. This can lead users to disclose sensitive financial queries, credentials, or proprietary data without informed consent, which is a genuine privacy/security issue in a finance-oriented workbench.

VirusTotal

65/65 vendors flagged this skill as clean.