Claw Stock Watcher Pro

Security checks across malware telemetry and agentic risk

Overview

This skill coherently manages a local stock watchlist and fetches stock data from its disclosed source, with a limited risk of accidental watchlist deletion.

Before installing, understand that the skill stores your watchlist in plain text at ~/.clawdbot/stock_watcher/watchlist.txt and contacts 10jqka.com.cn for stock data. Back up the watchlist before using clear or uninstall, because those operations can remove saved entries without asking for confirmation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill declares no permissions while its documented behavior clearly includes local file reads/writes and outbound network access. This undermines transparency and informed consent, making it easier for the skill to access or modify local data and contact external services without an explicit permission model.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 88%
Finding: The skill description emphasizes watchlist management and performance summaries, but the documented lifecycle behaviors also include destructive operations such as clearing all entries and removing related files during uninstall. That mismatch can cause users or orchestration systems to invoke the skill without understanding that it can delete stored data.

Vague Triggers

Severity: Medium
Confidence: 80%
Finding: The invocation description is broad enough that the skill may trigger on general stock-related requests, not just explicit watchlist actions. In context, that matters because the skill can read/write local state and perform network requests, so over-broad activation increases the chance of unintended execution and data changes.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding: The phrase indicating that no extra command is needed creates an ambiguous activation condition for showing watchlist market data. This can lead the agent to fetch external data and expose or use the user's saved watchlist without a sufficiently explicit request.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The skill documents a clear-all operation but does not prominently warn that it is destructive and removes all saved watchlist entries. Without an explicit warning or confirmation step, users may trigger irreversible local data loss by mistake.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding: The uninstall instructions state that related files are fully removed but do not clearly warn about permanent deletion of user data. In a skill that stores a personal watchlist locally, uninstall without an explicit data-loss warning can cause unexpected irreversible loss.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal