Tushare Financial Data Assistant (Tushare 金融数据助手)

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Tushare financial-data helper skill, but users should handle the API token more carefully than the examples suggest.

Install only if you are comfortable giving the skill access to your Tushare API token and letting it make outbound financial-data requests. Prefer setting the token only for the current shell session or injecting it from a secret manager, keep any config file that contains the token out of version control, and do not run the helper's self-test anywhere its output is captured or shared unless the line that prints the token prefix is removed.
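The token-handling advice above, written out as an added example. This is not the skill's own code: the helper names (load_token, describe_token, redact), the fallback order (environment first, config file second), and the assumption that config/config.yaml stores the credential under a `token:` key are all choices made for this page. It replaces the self-test's `Token: {token[:10]}...` line with output that reveals nothing recoverable, and refuses a config file that other local users can read.

```python
import hashlib
import os
import stat
from pathlib import Path

# Added example for this page, not code from the skill. The config key name
# "token", the helper names and the fallback order are assumptions.

ENV_VAR = "TUSHARE_TOKEN"
CONFIG_PATH = Path("config/config.yaml")   # the file the README example stores the token in
REDACTED = "[REDACTED]"


def token_fingerprint(token: str) -> str:
    """Short, non-reversible identifier for a token. A log line can say *which*
    token is configured without exposing any characters of the secret."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()[:8]


def describe_token(token: str) -> str:
    """What the self-test should print instead of `Token: {token[:10]}...`:
    presence, length and fingerprint only."""
    return f"token set (len={len(token)}, fp={token_fingerprint(token)})"


def redact(text: str, token: str) -> str:
    """Scrub the token from any string about to be logged or shared, such as an
    exception message or a request dump that embedded it."""
    return text.replace(token, REDACTED) if token else text


def _world_readable(path: Path) -> bool:
    """True when group or other holds any permission bit on the file (POSIX)."""
    mode = stat.S_IMODE(path.stat().st_mode)
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))


def load_token(environ=None, config_path: Path = CONFIG_PATH) -> str:
    """Resolve the API token: the current session's environment first, then the
    config file, and only if that file is private to its owner. Raises rather
    than silently using a credential other local users can read."""
    environ = os.environ if environ is None else environ
    token = environ.get(ENV_VAR, "").strip()
    if token:
        return token
    if config_path.is_file():
        if _world_readable(config_path):
            raise PermissionError(
                f"{config_path} is readable by other users; chmod 600 it or "
                f"move the token to the {ENV_VAR} environment variable"
            )
        # Minimal read of a `token: <value>` line; avoids a YAML dependency and
        # assumes the key name (the skill's real config layout is not on this page).
        for line in config_path.read_text(encoding="utf-8").splitlines():
            key, sep, value = line.partition(":")
            if sep and key.strip() == "token":
                return value.split("#", 1)[0].strip().strip("'\"")
    raise RuntimeError(f"no token: set {ENV_VAR} for this session or create {config_path}")


if __name__ == "__main__":
    # Self-test whose output is safe to paste into a shared log.
    try:
        print(describe_token(load_token()))
    except (PermissionError, RuntimeError) as exc:
        print(redact(str(exc), os.environ.get(ENV_VAR, "")))
```

The fingerprint is the first eight hex characters of SHA-256 over the token; it is enough to tell two tokens apart in a log but not enough to reconstruct either. Use `export TUSHARE_TOKEN=...` in the current shell (not in ~/.bashrc) or have the secret manager set it in the process environment, and the config-file branch is never reached.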

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (7)

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The README instructs users to persist the API token in ~/.bashrc, which encourages long-term plaintext storage of a credential without any warning about its sensitivity or mention of safer alternatives. This is common developer guidance, but it raises the chance of accidental disclosure through dotfile sync, backups, shared accounts, screenshots, or shell-history mistakes.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: The configuration example places the API token directly in config/config.yaml, normalizing plaintext credential storage in a project file. This invites accidental commits, leakage through backups or shared workspaces, and wider exposure than necessary whenever the repository or config directory is accessible to others.

Missing User Warnings

Severity: Low
Confidence: 87%
Finding: The document explicitly states that this is a crawler-based interface that pulls data from external network sources rather than from Tushare's own servers, but it does not warn users about the resulting network and privacy implications. In an agent or automation context, using this interface causes outbound requests to third-party sites, exposes the client's IP address and network metadata to them, and can create compliance or monitoring problems for anyone who assumed all traffic went only to Tushare.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The documentation includes a sample dataset that exposes several full personal names alongside financial holdings and share-unlock information. Even if sourced from public market disclosures, reproducing identifiable personal data in example content without a privacy notice, minimization, or masking disseminates personal information unnecessarily and may create privacy or compliance concerns for downstream users of the skill.

Env Variable Harvesting

Severity: High
Category: Data Exfiltration
Content:
    import os

    print("=== Tushare Pro test ===")

    # Verify the token
    token = os.environ.get('TUSHARE_TOKEN')
    if token:
        print(f"Token: {token[:10]}...")
    else:
        # body of this branch is not in the scanner excerpt; message supplied to keep the fragment runnable
        print("TUSHARE_TOKEN is not set")
Confidence: 96%
Finding: os.environ.get('TUSHARE_TOKEN') reads the API token from the environment, which is the expected way for this helper to obtain its credential. The concern is the line that follows: it prints the first ten characters of the token, so any captured output of this self-test contains a fragment of the secret.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
    tushare>=1.2.60
    pandas>=1.5.0
Confidence: 94%
Finding: tushare>=1.2.60 is a lower bound only, so any later release of tushare, including one published after the skill was reviewed, will be installed without any change to the skill.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
    tushare>=1.2.60
    pandas>=1.5.0
Confidence: 92%
Finding: pandas>=1.5.0 is likewise unpinned; the version that ends up installed depends on what the index serves at install time rather than on anything recorded in the skill.
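A check for the pattern these two findings report, added here as an example; it is not code from the skill or from SkillSpector. It parses requirement lines, flags any specifier that still admits more than one version, and rewrites the flagged lines as exact pins from a version map the caller supplies. The requirements text is the two-line excerpt shown in the findings; the versions in the usage are placeholders for illustration, not a recommendation of particular releases.

```python
import re

# Added example; not code from the skill or the scanner. REQUIREMENTS is the
# excerpt quoted in the findings; the helper names are choices made for this page.

REQUIREMENTS = """\
tushare>=1.2.60
pandas>=1.5.0
"""

# Project name, optional [extras], then the comma-separated specifier list,
# with a trailing comment discarded.
_REQ_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*(.*?)\s*(?:#.*)?$")


def parse_requirement(line):
    """Return (name, [specifiers]) or None for blank, comment and option lines."""
    stripped = line.strip()
    if not stripped or stripped.startswith(("#", "-")):
        return None
    m = _REQ_RE.match(stripped)
    if not m:
        return None
    name, _extras, spec = m.groups()
    specs = [s.strip() for s in spec.split(",") if s.strip()]
    return name.lower(), specs


def is_pinned(specs):
    """Pinned only when an exact '==' clause without a wildcard is present.
    '>=', '~=', '<' and bare names all admit releases that did not exist when
    the file was written, which is the exposure the findings describe."""
    return any(s.startswith("==") and not s.endswith("*") for s in specs)


def find_unpinned(text):
    """Names in requirement text that can resolve to more than one version."""
    names = []
    for line in text.splitlines():
        parsed = parse_requirement(line)
        if parsed and not is_pinned(parsed[1]):
            names.append(parsed[0])
    return names


def pin(text, versions):
    """Rewrite each unpinned line as an exact pin using the version supplied for it.
    Lines whose name is missing from `versions` are left as they are, so the
    caller can see what still needs resolving."""
    lines = []
    for line in text.splitlines():
        parsed = parse_requirement(line)
        if parsed and not is_pinned(parsed[1]) and parsed[0] in versions:
            lines.append(f"{parsed[0]}=={versions[parsed[0]]}")
        else:
            lines.append(line)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print("unpinned:", find_unpinned(REQUIREMENTS))
    # placeholder versions for illustration only
    print(pin(REQUIREMENTS, {"tushare": "1.2.60", "pandas": "1.5.0"}), end="")
```

In practice the version map comes from a resolved install (`pip freeze`) or from `pip-compile`; adding `--generate-hashes` there and installing with `pip install --require-hashes` also ties each pinned release to its artifact digest, which an exact version number alone does not do.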

VirusTotal

60/60 vendors flagged this skill as clean.