Agent Stock Pro

Security checks across malware telemetry and agentic risk

Overview

This skill is a stock-analysis assistant, but it gives actionable trading recommendations, installs tools, saves portfolio reports, and can send PDFs through WeChat without clear confirmation steps.

Install only if you are comfortable with an agent producing actionable trading recommendations, installing Python packages, writing portfolio/trade reports to local dist/ folders, and sending generated PDFs through WeChat. Treat outputs as informational, confirm every file write or outbound send yourself, and do not let it run unattended for real financial decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding
The skill instructs the agent to install Python, pip/uv packages, and additional tooling on the host in order to satisfy prerequisites. That expands the skill from stock analysis into environment modification and package installation, which can alter the system state, introduce supply-chain risk, and enable unnecessary privileged actions if executed automatically.

Vague Triggers

Severity: Medium
Confidence: 83%
Finding
The workflow triggers are broad and map generic user intents like stock screening, trading decisions, and holdings analysis directly to internal documents without clear boundaries, exclusions, or explicit invocation conditions. Overbroad activation increases the chance the skill is invoked in unintended contexts, potentially causing high-risk financial advice or downstream actions when the user did not clearly request them.

Missing User Warnings

Severity: High
Confidence: 96%
Finding
The skill presents trading decision support, automated stock screening, and scheduled PDF/report sending without prominent user-facing warnings about financial risk, automation risk, or the possibility of acting on incomplete or time-sensitive market data. In a finance context this is especially dangerous because users may treat the output as actionable investment guidance and permit unattended workflows with real-world consequences.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The skill instructs the agent to save detailed holdings analysis to a local file under dist/holdings without any explicit user consent, disclosure, or data-minimization guidance. Because holdings data can contain sensitive financial information, silent persistence increases the risk of unintended retention, later exposure, or access by other tools/users on the same system.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The skill instructs the agent to save generated trading results to a local path under `dist/trade/...` without any explicit user consent, warning, or disclosure that data will be persisted. Because the saved content includes trading decisions and may reflect user account context, this can create unintended local data retention, privacy leakage, or overwrite/clutter risks in environments where filesystem writes are sensitive.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The workflow instructs the agent to generate a PDF and automatically send it to the current WeChat user, but it does so without any explicit user consent, privacy notice, or transmission guardrails. Even though the report content is primarily market analysis, automatic outbound delivery can expose sensitive user-derived inputs, account context, or generated files to an external messaging channel without a deliberate approval step.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill instructs the agent to write analysis results to a local file path under `dist/trade/...` without any user disclosure, confirmation, or clear boundary on when filesystem writes are permitted. In an agent environment, silent file creation can violate user expectations, leak sensitive trading/account analysis into local storage, and create persistence side effects that outlive the session.

VirusTotal

63/63 vendors flagged this skill as clean.
