Toc Trading

Security checks across malware telemetry and agentic risk

Overview

This is a coherent simulated stock-trading assistant that stores local portfolio records and fetches market data, with no evidence of real brokerage trading, exfiltration, or destructive behavior.

Install only if you are comfortable with a finance assistant storing simulated watchlist, holding, trade, recommendation, and challenge records locally and optionally using a Tushare API token for market data. Treat any recommendations as informational, and be cautious before enabling scheduled or Feishu-style notifications if added in deployment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium (95% confidence)
The file implements autonomous, time-based reporting and alert generation via `run_heartbeat()` without any visible user-initiated trigger or authorization boundary. In a user-triggered assistant skill, this expands behavior from reactive responses into background monitoring/push functionality, which can cause unsolicited notifications, privacy issues around portfolio state, and operational abuse if scheduled externally.

Vague Triggers

Medium (81% confidence)
Overly broad trigger phrases can cause accidental invocation from normal conversation, leading the skill to process unintended inputs or perform state-changing actions such as adding stocks or recording simulated trades. In this skill, commands like market/news queries are close to ordinary speech, so false activations could create confusing or unauthorized portfolio/challenge state changes.

Vague Triggers

Medium (90% confidence)
The recommendation commands use broad natural-language triggers such as '推荐一只股票' and '有什么消息吗', which can overlap with ordinary conversation and cause unintended activation of recommendation logic. In a trading-oriented skill, accidental triggering can lead to unwanted data fetches, state changes, or notifications that the user did not intend to initiate.

Vague Triggers

Medium (84% confidence)
The trigger condition '你问我答' for analysis-driven recommendations is underspecified, so the recommendation feature may activate on loosely related user input. This ambiguity increases the risk of prompt/intent confusion, especially in a conversational assistant that also handles portfolio and trading simulation commands.

Missing User Warnings

Medium (88% confidence)
The design documents persistent storage of stock pools, positions, trades, and challenge data, and also describes outbound Feishu notifications, but it does not specify user-facing consent, notice, or control over these actions. Users may unknowingly cause financial activity records or strategy information to be stored and externally pushed, creating privacy, confidentiality, and operational risks.

Missing User Warnings

Medium (90% confidence)
The design includes scheduled and event-triggered Feishu push notifications, including immediate alerts, but does not clearly disclose to users that the skill may proactively send outbound messages. In an agent setting, undisclosed proactive messaging can surprise users, create privacy/trust issues, and lead to unwanted notification spam or behavioral monitoring concerns.

VirusTotal

64/64 vendors flagged this skill as clean.