Portfolio Manager

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed portfolio-analysis tool that uses Alpaca account data and creates local reports; it does not exhibit hidden trading, exfiltration, or destructive behavior.

Install only if you are comfortable giving the agent access to your Alpaca portfolio data. Use paper trading or read-only credentials when possible, confirm before live account access, avoid saving reports in shared or source-controlled folders, and treat buy/sell or tax suggestions as informational rather than professional financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (16)

Description-Behavior Mismatch (Severity: Medium, confidence: 83%)

The skill expands from analysis into management-oriented outputs, including concrete trade quantities and writing a report file. In a financial context, this increases risk because it can drive actionable trading decisions and persist sensitive holdings data locally, broadening both compliance and privacy exposure.

Context-Inappropriate Capability (Severity: Medium, confidence: 86%)

The instructions authorize WebSearch or other external market data APIs beyond the stated Alpaca MCP scope. This broadens outbound data flow and trust assumptions, potentially leaking portfolio symbols or analysis context to third parties without the user understanding that additional services are involved.

Description-Behavior Mismatch (Severity: Medium, confidence: 84%)

The guide documents access to orders and account activities, which expands the effective data-access scope beyond simple portfolio analysis into transaction and activity history. In a brokerage context, this increases exposure of sensitive financial behavior and can enable over-collection relative to the skill's stated purpose, violating least-privilege expectations.

Context-Inappropriate Capability (Severity: Medium, confidence: 82%)

The skill claims to rely on Alpaca MCP integration, but this script directly reads raw Alpaca API credentials from the environment. That expands the skill's privilege boundary and increases the risk of credential misuse or accidental exposure, especially in agent environments where direct secret access is more sensitive than scoped MCP access.

Description-Behavior Mismatch (Severity: Medium, confidence: 88%)

Direct REST calls bypass the advertised MCP integration and any controls, scoping, auditing, or policy enforcement that MCP may provide. In the context of an agent skill, this mismatch is security-relevant because users and operators may assume the safer MCP boundary while the code actually uses more direct and privileged network access.

Vague Triggers (Severity: Medium, confidence: 91%)

The trigger phrases are very broad and match ordinary user requests such as "Analyze my portfolio" or "How's my portfolio doing?", which increases the chance of unintended automatic invocation. In this skill, accidental invocation is more sensitive than usual because it can fetch brokerage account holdings and produce a saved report containing financial data, creating both privacy and overreach risks.

Missing User Warnings (Severity: Medium, confidence: 95%)

The README describes automatic fetching of positions and report generation, but does not prominently warn that sensitive portfolio and account data may be retrieved from Alpaca and written to a markdown file in the repository. In the context of a finance skill, this omission is especially risky because holdings, account values, and recommendations are highly sensitive and persistent local storage increases exposure to later disclosure.

Vague Triggers (Severity: Medium, confidence: 80%)

The activation criteria are broad enough to trigger on general investment-management requests, not just portfolio review. Over-broad invocation increases the chance the skill accesses brokerage-connected data or produces trading guidance in situations where a narrower, safer skill would have been more appropriate.

Vague Triggers (Severity: Medium, confidence: 88%)

The catch-all phrase 'Any request involving portfolio-level analysis or management' lacks boundaries and authorizes use in ambiguous scenarios. In a brokerage-linked skill, ambiguity is risky because it can normalize access to sensitive financial data and management-style recommendations without a specific, informed request.

Missing User Warnings (Severity: High, confidence: 97%)

The skill instructs saving a detailed portfolio report to the repository root, which may contain holdings, equity, P&L, and other sensitive financial information, without a strong warning or consent step. Persisting that data to disk creates a durable confidentiality risk, especially in shared environments, synced folders, or source-controlled repositories.

Vague Triggers (Severity: Medium, confidence: 80%)

An overly broad trigger phrase like 'Analyze my portfolio' can cause the skill to activate in contexts where the user did not intend brokerage-account access, increasing the chance of unnecessary retrieval of sensitive financial data. In a high-sensitivity domain such as investing, ambiguous invocation materially raises privacy and consent risk.

Missing User Warnings (Severity: Medium, confidence: 88%)

The guide fails to prominently warn users at the outset that connecting a live brokerage account exposes sensitive holdings, balances, orders, and related financial data to the skill and external services. Without this disclosure, users may proceed without informed consent, which is especially risky for financial accounts.

Missing User Warnings (Severity: Medium, confidence: 97%)

This document provides detailed portfolio allocation, sector tilts, tactical adjustments, and explicit rebalancing actions that could directly influence users' investment decisions, but it does not warn that the content is general educational information rather than personalized financial advice. In the context of a portfolio-management skill that accesses brokerage holdings and positions, users may reasonably treat these recommendations as tailored guidance and act on them, creating a real risk of unsuitable trades, concentration changes, tax consequences, and financial loss.

Missing User Warnings (Severity: Medium, confidence: 92%)

The document recommends setting stop-losses as part of an "ADD" strategy without any caution that stop orders can execute at unfavorable prices during gaps, volatility, or thin liquidity. In a portfolio-management skill, users may treat this as actionable trading guidance, so omission of execution-risk warnings can lead to unintended sales and material financial loss.

Missing User Warnings (Severity: Medium, confidence: 95%)

The framework gives concrete sell/trim instructions, including percentage reductions, staged selling, and redeployment suggestions, but does not consistently warn that these actions can crystallize gains or losses, create tax liabilities, and change portfolio risk. Because this skill is explicitly for brokerage portfolio review and rebalancing, users are more likely to rely on it for real investment actions, increasing the chance of harm from incomplete warnings.

Missing User Warnings (Severity: Medium, confidence: 95%)

This document gives detailed scoring, profile classification, and specific stock/bond allocation recommendations but does not clearly warn that it is educational only and not personalized investment, legal, or tax advice. In the context of a portfolio-management skill connected to brokerage data, users may reasonably treat the output as actionable individualized advice, increasing the risk of harmful financial decisions and compliance exposure.

VirusTotal

66/66 vendors flagged this skill as clean.