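stockClaw-yingyan: a quantitative stock assistant that can fetch quantitative timing charts for individual stocks, analyze individual stock market data, run AI searches for specific stocks, and send notifications when the buy/sell points of monitored stocks change.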

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate financial-data API skill, but it handles API credentials in ways that could expose them, so it needs review before installation.

Install only if you are comfortable with this skill storing API credentials locally and sending them to the provider during requests. Use dedicated limited-scope keys, avoid pasting production secrets into chat, check that config.json is excluded from source control and backups, rotate any exposed keys, and prefer environment variables or a secure secret store if you use the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill explicitly instructs the agent to persist user_id and API keys into a local config.json file, but does not require clear user consent, disclosure of local storage behavior, or any protections around file permissions, masking, or retention. This creates a real credential-handling risk because secrets may remain on disk longer than users expect and could be exposed to other local processes, backups, logs, or subsequent users of the environment.

Missing User Warnings

Medium
Confidence: 95%
Finding
The examples explicitly direct the agent to persist API credentials in a local config.json file and to rewrite that file when users provide new secrets, but they provide no warning about local secret storage risks, file permission controls, masking, or safer storage alternatives. In an agent environment, this can lead to long-lived plaintext credential exposure through logs, workspace access, backups, or other skills/tools that can read the same directory.

Missing User Warnings

Medium
Confidence: 93%
Finding
The examples show transmitting user_id and API keys directly in HTTP bodies and query parameters, and later in WebSocket URLs, without warning that these values are sensitive and may be exposed via logs, proxies, browser history, referrers, or monitoring systems. Putting credentials in URLs is especially risky because many systems automatically record full request URIs, increasing the chance of credential leakage beyond the intended service.

Ssd 3

Medium
Confidence: 90%
Finding
The document explicitly instructs the agent to take credentials supplied in chat and write them into config.json. Persisting secrets from conversational input creates a durable secret-handling risk: sensitive values may be stored in an insecure location, retained longer than necessary, exposed to other tools/processes, or accidentally committed/exported. In this skill context, the danger is elevated because the secrets are API keys used for authenticated financial-data and monitoring access.

VirusTotal

65/65 vendors flagged this skill as clean.
