Stock Research Desk

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed stock-research workflow with web research, local document output, and watchlist features that fit its stated purpose.

Before installing, understand that this skill can run local commands, perform web research, use an API key, maintain watchlist state, and write DOCX reports to the desktop. Use a dedicated or limited API key where possible, avoid committing `.env` files, and inspect the referenced package/repository before running the editable pip install.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The skill description is broadly scoped ('use when researching a stock, screening a sector, or maintaining a watchlist') without clear activation boundaries or user-confirmation constraints. In an agent setting, overly broad invocation language can cause the skill to be selected in situations the user did not explicitly intend, leading to unnecessary web access, analysis, and downstream file creation.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The workflow states that output is written as a bilingual DOCX on the desktop, but it does not warn the user that local files will be created. Silent or unexpected file creation is risky in agent environments because it can disclose sensitive research topics on a shared machine, overwrite user expectations about where artifacts go, and create persistence without explicit consent.

Natural-Language Policy Violations

Severity: Medium
Confidence: 85%
Finding
Mandating bilingual Chinese-first output without user choice removes user control over output format and may cause the agent to generate more content than necessary, including language transformations the user did not request. While not directly a code-execution issue, it is a policy and safety concern because it increases unintended actions and can expose content in an unexpected language or format.

Natural-Language Policy Violations

Severity: Medium
Confidence: 88%
Finding
The workflow fixes output ordering to Chinese first and English second without offering locale selection or opt-in. In context, this compounds the file-creation behavior by forcing a specific output structure that may not match the user's needs, causing unnecessary processing and potentially broader disclosure in saved artifacts.

VirusTotal

66/66 vendors flagged this skill as clean.