Portfolio Analysis Skill

Security checks across malware telemetry and agentic risk

Overview

This is an offline portfolio backtesting skill that reads a chosen CSV and writes local reports and charts, with some stale documentation but no evidence of hidden network access or credential use.

Install only the dependencies listed in the manifest or README, not the stale yfinance example in SKILL.md. Use a non-sensitive CSV when testing, choose a dedicated empty output directory, and review generated reports before sharing because they can include local paths and financial analysis results. Do not provide API keys; this version does not appear to need or use them.

SkillSpector

By NVIDIA
Vulnerability Patterns

  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (6)

Intent-Code Divergence

Severity: High
Confidence: 93%
Finding
The documentation repeatedly asserts the skill is local-CSV-only and makes no network requests, yet it instructs users to install yfinance and shows a command for fetching a single symbol by ticker and period, which typically relies on remote data access. This mismatch can mislead users and reviewers about the skill’s actual trust boundary, causing unexpected outbound connectivity, data exposure, or policy violations in restricted environments.

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding
The 'basic usage' section includes `--symbol AAPL --period 1y`, which strongly implies live or remote market-data retrieval and directly contradicts the stated claim that the skill only uses local CSV files. Such contradictory instructions are dangerous because operators may approve or run the skill under false assumptions about offline-only operation.

Natural-Language Policy Violations

Severity: Medium
Confidence: 97%
Finding
The documentation is entirely in Chinese and does not provide an alternative language or justify a locale restriction. In a security-sensitive context, this can prevent reviewers, operators, or automated governance teams from understanding the skill’s behavior and security claims, increasing the chance that risky functionality or misleading assurances go unnoticed.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The skill writes multiple files to disk and accepts an output directory from arguments without any user confirmation, overwrite safeguards, or path restrictions. In an agent setting, this can lead to unintended file creation or overwriting in arbitrary locations, especially if the caller passes a sensitive or shared path.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The guide explicitly states that reports, JSON, and charts are written to disk, and the example output includes a full local filesystem path and detailed analysis results. In financial workflows, these artifacts can expose sensitive local path information, dataset locations, portfolio metrics, and strategy outputs to other local users, synced folders, backups, or shared environments if users are not warned or given controls.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The document presents specific investment suggestions, performance metrics, and comparative conclusions in a way that may be interpreted as actionable financial guidance, but it does not include a clear disclaimer that the material is for informational/backtesting purposes only and does not reflect real-world trading constraints or suitability. In a financial-analysis skill, this omission increases the risk that users over-trust simulated results and make real investment decisions without understanding model risk, transaction costs, slippage, or potential losses.

VirusTotal

64/64 vendors flagged this skill as clean.