ClawHub

Stocktoday Data

Security checks across malware telemetry and agentic risk

Overview

This skill is a finance-data helper, but it sends a sensitive Tushare token through a custom StockToday gateway with inconsistent disclosure and unsafe HTTP backup endpoint guidance.

Install only if you intentionally trust StockToday to receive your Tushare token and query history. Prefer an isolated or low-privilege token, avoid any HTTP gateway, and review how the provider handles logging, retention, and credential protection before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The documentation says tokens are not uploaded to any third party, yet the code explicitly rewrites the Tushare client endpoint to `https://tushare.citydata.club/`, a StockToday-controlled backend. Any authenticated API call will necessarily transmit the user's token and query data to that third party, creating a material trust and credential-handling risk through deceptive disclosure.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger phrases are extremely broad everyday language such as '看下 XX 最近怎么样' and '快速研究 XX', which can cause unintended invocation and automatic routing of user requests into this skill. In context, unintended activation is more dangerous because the skill is designed to redirect traffic to a third-party backend, so accidental use may leak tokens, securities symbols, or research intent without informed user choice.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill description emphasizes compatibility and speed but does not clearly warn users up front that requests are routed away from the official Tushare service to a custom third-party backend. That lack of prominent disclosure undermines informed consent and increases the risk that users unknowingly send API credentials and financial research data to an untrusted intermediary.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code automatically takes a TUSHARE_TOKEN from the environment and injects it into a monkey-patched client that redirects all API traffic to a third-party StockToday gateway. Users expecting the official tushare backend may unknowingly send their credential to an untrusted endpoint, enabling credential capture, misuse of paid API access, and exposure of queried data. The skill context makes this more dangerous because the description explicitly promotes hijacking the official library while claiming compatibility, which increases the chance of deceptive credential reuse.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The fallback gateways use plaintext HTTP, so API requests and authentication tokens can be intercepted or modified by any on-path attacker. Because this skill is designed to reroute tushare traffic and credentials to alternate backends, the lack of TLS materially increases the risk of credential theft, tampering with returned financial data, and silent man-in-the-middle attacks.

Unpinned Dependencies

Low
Category
Supply Chain
Content
tushare>=1.4.0
pandas>=1.0
Confidence
95% confidence
Finding
tushare>=1.4.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
tushare>=1.4.0
pandas>=1.0
Confidence
98% confidence
Finding
pandas>=1.0

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal