ClawHub

Stock Alert

Security checks across malware telemetry and agentic risk

Overview

This stock-analysis skill appears purpose-aligned, but it stores and monitors financial watchlists with broad triggers and unclear disclosure around background checks and third-party quote lookups.

Review this carefully before installing. Use it only if you are comfortable with local storage of portfolio or alert data, recurring monitoring checks, and stock symbols being sent to Sina Finance for quote lookup. Prefer enabling alerts only after explicit confirmation, and check how to view or delete the local config and pending-alert files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger phrases for portfolio analysis are broad enough that ordinary conversation such as '看看我的' or '分析一下' could activate sensitive behavior without clear confirmation. In this skill, that can cause reads of persistent portfolio/alert data and follow-on monitoring checks that reveal or act on user financial context unexpectedly.

Vague Triggers

Medium
Confidence
91% confidence
Finding
Activating on any mention of stock codes or famous stock names is overly permissive and can trigger unsolicited quote lookups, config reads, and alert checks from incidental mentions. Because the skill also auto-reads pending alerts before answering stock questions, a casual mention could surface previously stored financial monitoring information unexpectedly.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill description and flow do not clearly warn that setting alerts can lead to persistent local file writes and optional background scheduled monitoring. Users may consent to a conversational stock alert without realizing the skill stores data in home-directory files and can create recurring checks with side effects.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script sends user-configured stock symbols to a third-party Sina Finance endpoint without explicit user disclosure or consent. Even though stock tickers are not highly sensitive by themselves, a monitored watchlist can reveal investment interests or strategy, and the network request also exposes usage metadata to the external service.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal