Institutional Flow Tracker

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent financial-research tool that uses a disclosed FMP API key, but users should treat its buy/sell language as non-personal research rather than investment advice.

Install only if you are comfortable providing an FMP API key and installing Python requests. Use an environment variable for the key, run the scripts in a controlled environment, verify any 13F data and generated reports independently, and do not rely on the skill's buy/sell labels as personalized financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Description-Behavior Mismatch

Medium (98% confidence)
Finding:
The script and skill metadata claim institutional portfolio tracking and 13F flow analysis, but this code only prints a disclaimer and redirects users to third-party sites. This is dangerous because users may rely on the advertised capability for investment research or automation and receive no actual analysis, creating integrity and trust issues that can lead to poor decisions or misuse in downstream workflows.

Description-Behavior Mismatch

Medium (97% confidence)
Finding:
The CLI accepts institution identifiers and presents itself as if it will track a portfolio, but it only echoes user input and constructs URLs. In a financial-analysis skill, this mismatch is security-relevant because it can mislead users, agents, or pipelines into believing a substantive analysis occurred when none did, undermining decision integrity.

Missing User Warnings

Medium (88% confidence)
Finding:
The README explicitly tells users they can pass the FMP API key on the command line, which can expose the credential through shell history, process listings, job logs, or shared terminal tooling. While this is documentation rather than executable code, it still promotes an insecure secret-handling practice that can lead to credential leakage.

Missing User Warnings

Medium (91% confidence)
Finding:
The skill includes action-oriented investment language such as 'Consider buying' and 'Consider selling/avoiding' without a clear, prominent disclaimer that the material is informational and not personalized financial advice. This can mislead users into treating lagged 13F-based signals as direct recommendations, increasing risk of harmful financial decisions and compliance exposure.

Missing User Warnings

Medium (95% confidence)
Finding:
The framework gives direct investment instructions such as BUY, SELL, ADD, and SHORT with position sizing and expected outcomes, but does not place a clear user-facing warning near those recommendations that this is not financial advice and that losses may occur. In a financial decision-support skill, this can cause users to over-trust model output as personalized investment guidance, increasing the risk of harmful financial decisions.

VirusTotal

63/63 vendors flagged this skill as clean.
