Massive Financial Connector

Security checks across malware telemetry and agentic risk

Overview

This market-data skill is mostly purpose-aligned, but it silently runs the user’s shell startup file and handles the API key in a riskier way than its “secure local key handling” description suggests.

Review before installing. Use only if you are comfortable with the scripts reading and executing your ~/.zshrc and with your Massive API key being used by local shell scripts and the uvx-launched MCP server. Prefer editing the scripts to require MASSIVE_API_KEY from the current environment or a dedicated config file, and consider using a revocable or limited API key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The script sources $HOME/.zshrc to obtain MASSIVE_API_KEY, which executes arbitrary commands from a broad shell startup file rather than reading only the needed secret. That expands the script's capability from market-data retrieval to executing whatever is in the user's profile, creating unintended code-execution and secret-access risk if the startup file is modified or contains side effects.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The script sources the user's ~/.zshrc before reading MASSIVE_API_KEY, which executes arbitrary shell code from a startup file unrelated to the quoted market-data task. That adds an unnecessary code-execution and secret-loading path: a skill invocation can trigger side effects from personal shell config and pull credentials from a broader context than the script discloses.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The script sources the user's ~/.zshrc to obtain credentials, which executes arbitrary shell code from a broad personal startup file unrelated to a simple quote lookup. That expands the trust boundary significantly: any commands in .zshrc run in the script's context, and the script may unintentionally consume unrelated secrets or modified environment state.

Missing User Warnings

Medium
Confidence: 95%
Finding
The API key is sent as a query parameter in the request URL, which is more likely to be exposed via process listings, proxy logs, browser/history equivalents, monitoring systems, or error telemetry than a header-based credential. Although transmission to the official Massive endpoint is expected for this skill, embedding secrets in the URL is still poor secret-handling practice and creates avoidable leakage risk.

Missing User Warnings

Medium
Confidence: 95%
Finding
The API key is embedded in the request URL query string, which can be exposed through process listings, shell history if echoed or debugged, HTTP logs, proxies, and monitoring systems. Even over HTTPS, URLs are commonly logged more broadly than headers, increasing the chance of credential leakage.

Missing User Warnings

Medium
Confidence: 89%
Finding
The script silently sources the user's ~/.zshrc before launching the MCP server, which executes arbitrary shell commands from that file in the script's context. Because shell startup files are often customized and may contain side effects, aliases, prompts, or untrusted code, this can unexpectedly run attacker-controlled commands and alter the environment used to start the server.

VirusTotal

66/66 vendors flagged this skill as clean.