iFinD Investment Research - Natural-Language Queries for Financial Data

Security checks across malware telemetry and agentic risk

Overview

The skill does what it says, but it stores a finance API token locally and can be configured to send that token and queries to an arbitrary API host.

Install only if you trust the iFinD/Repilot service and are comfortable saving its token on this machine. Use a revocable, limited token if available; do not use --set-url unless you fully trust the target host; and periodically inspect or delete ~/.config/ifind-repilot/config.json if you stop using the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

High
Confidence: 97%
Finding
The code allows an arbitrary base_url from local config to override the default service endpoint, and the Authorization token is then sent to that host. This can leak credentials and user queries to an attacker-controlled server if the config is tampered with, which is especially risky because a finance-data skill has no clear need for unrestricted authenticated egress to arbitrary domains.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger description is broad enough that the skill may be invoked for many generic finance-related requests, causing unexpected external API calls or prompting users to provide tokens when they did not intend to use this integration. In this context, over-broad activation is more concerning because the skill performs network access and manages credentials, so accidental invocation can expose sensitive prompts or drive unnecessary side effects.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script persists the authentication token in a plain JSON config file under the user's home directory without setting restrictive file permissions or warning about local secret storage. On multi-user systems or misconfigured environments, this can expose the token to other local users or backup/logging processes, enabling unauthorized API access.

VirusTotal

51/51 vendors flagged this skill as clean.
