Retail Investor Radar

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward A-share stock report generator, with expected external API use and local report saving that users should be aware of.

Install only if you are comfortable with stock queries and compiled public market/news data being sent to DeepSeek, and with generated reports/logs being saved locally unless you change config.yaml. Do not enter private portfolio details, account credentials, or trading plans unless you intend that information to be processed by the external LLM service. Treat the report as informational rather than financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill declares required environment variables, Python packages, and documented runtime behavior that includes reading configuration, writing logs/output, and making network requests, but it does not expose any explicit permission model for those capabilities. This creates a transparency and governance gap: users or hosting platforms may invoke the skill without realizing it can access secrets, local files, and remote endpoints, increasing the risk of unintended data exposure or overly broad execution privileges.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The skill saves generated reports to disk by default even though the user-facing description does not disclose local persistence. This can create unintended data retention of prompts, derived analysis, or embedded market/news content on shared systems, especially because the filename includes stock identifiers and names.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The description includes broad natural-language triggers such as '这只股票怎么样' and '值不值得买', which can match ordinary conversation and cause the skill to activate unexpectedly. In a finance context, accidental invocation is more sensitive because it may send user-provided stock queries to external APIs and generate investment-oriented outputs without clear user intent.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The code sends the full prompt, which includes compiled stock/report input data and recent news, to a third-party LLM service without any explicit runtime notice or consent mechanism in this file. Even if the stock data is public, user queries, derived analysis context, and usage patterns may still constitute sensitive telemetry and create privacy/compliance risk when transmitted externally.

Missing User Warnings

Low
Confidence
91% confidence
Finding
The program writes reports to disk without prior user notice or confirmation, only informing the user after the file has already been created. In shared or managed environments, this can leave behind analysis artifacts the user did not expect to persist.

VirusTotal

65/65 vendors flagged this skill as clean.
