ClawHub

Stocktoday Skill

Security checks across malware telemetry and agentic risk

Overview

This market-data skill mostly does what it advertises, but it can send the user's API token and query data to undocumented backup servers over plain HTTP.

Install only if you trust the StockToday service operator and are comfortable with the token being sent to the configured backend. Prefer setting your own trusted HTTPS endpoint, avoid plaintext backup URLs, and use a limited or low-value API token because the current defaults broaden where credentials can go.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The skill sends the authentication token to multiple hard-coded backup servers beyond the primary service, materially expanding the trust boundary. Because these fallback hosts are not transparently justified and several use plain HTTP, a compromised or untrusted backup server could capture the token and all submitted query parameters.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The client is configured with multiple backup endpoints over plain HTTP, and `_post` automatically appends the API token to every request. This exposes credentials and request data to interception or manipulation by any party on the network path, and the hardcoded IP-based fallback servers increase trust and provenance concerns.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs users to configure a token and optionally route requests to a custom backend service, but it does not disclose that prompts, query parameters, market requests, and authentication credentials may be transmitted to a third-party endpoint. In an agent setting, this creates a real privacy and trust risk because users may assume the skill talks only to a standard upstream provider, while the custom URL can observe or log sensitive usage patterns and potentially misuse the token.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill sends the API token in every POST request to a primary endpoint and three fallback servers, two of which use plain HTTP rather than HTTPS. This exposes the credential to interception in transit and broadens trust to multiple external hosts without clear disclosure or consent, increasing the chance of token theft or misuse.

Missing User Warnings

High
Confidence
100% confidence
Finding
The backup URLs use unsecured HTTP, so the API token and all request parameters are transmitted in cleartext and can be intercepted or modified by any network attacker on path. In an MCP skill context, this is especially dangerous because the token may grant broad access to a financial data account and the host application may assume tool network traffic is safely authenticated.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal