TradingView Technical Indicator Analysis Assistant (TradingView技术指标分析助手)

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly what it claims to be: a disclosed helper that forwards TradingView analysis requests to a remote Prana service. Beyond that, it persists a Prana API key as a global environment variable and declares access to an account/history-link endpoint that indicator analysis does not need.

Review before installing. Use this only if you are comfortable sending financial-analysis prompts to Prana, storing PRANA_SKILL_API_FLAG persistently in OpenClaw, and letting the skill fetch a Prana account-history link. Do not include private account data, credentials, unpublished trading plans, or other sensitive financial context in prompts, and remove the stored key when you no longer need the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Description-Behavior Mismatch
Severity: Medium
Confidence: 88%
Finding: The skill adds a capability to fetch a purchase-history URL unrelated to the stated purpose of technical-indicator analysis. That expands the data-access surface to account/history information and could expose sensitive billing or usage records to users or downstream prompts that only requested market analysis.

Context-Inappropriate Capability
Severity: Medium
Confidence: 97%
Finding: The skill instructs writing an API key into a global persistent environment variable, which is broader than needed for a single analysis request. Persisting shared or remotely issued credentials at global scope increases the chance of later misuse by other skills, sessions, or users and creates a durable secret-management risk.
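A way to check whether such a key is still persisted and to remove it, as an added example that is not part of the skill or of the scanner output. It assumes the key is persisted as an `export PRANA_SKILL_API_FLAG=...` line in a shell startup file such as ~/.profile, ~/.bashrc or ~/.zshrc; the page does not say which mechanism OpenClaw uses, so point the file list at wherever your installation writes environment variables. Run as-is the script only reports; call remove_persisted_key explicitly to delete the assignments (a .bak copy of each file is kept) and unset the variable in the current shell.

```shell
#!/bin/sh
# Added example (not from the skill or the scanner): find and remove a
# skill API key that was persisted as a global environment variable.
# Assumption: the key is stored as "export PRANA_SKILL_API_FLAG=..." in a
# shell startup file; the page does not say how OpenClaw persists it.

KEY_NAME="PRANA_SKILL_API_FLAG"
# Matches "PRANA_SKILL_API_FLAG=" with or without a leading "export".
KEY_PATTERN="^[[:space:]]*(export[[:space:]]+)?${KEY_NAME}="

# Report every line in the given files that assigns the key.
# Output: one "file:line:text" entry per match; nothing if the key is absent.
find_persisted_key() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        grep -nE "$KEY_PATTERN" "$f" | sed "s|^|$f:|"
    done
}

# Delete those assignments from the given files (a .bak copy of each
# modified file is kept) and drop the variable from the current session.
remove_persisted_key() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        grep -qE "$KEY_PATTERN" "$f" || continue
        cp "$f" "$f.bak"
        # grep -v exits 1 when nothing is left to print; that is not an error here.
        grep -vE "$KEY_PATTERN" "$f.bak" > "$f" || true
    done
    unset "$KEY_NAME"
}

# Default action is read-only: report where the key is still set.
if [ -n "${PRANA_SKILL_API_FLAG:-}" ]; then
    echo "$KEY_NAME is set in the current session"
fi
find_persisted_key "$HOME/.profile" "$HOME/.bashrc" "$HOME/.zshrc"
```

Because the assignment may also live in a file the skill wrote itself rather than a standard startup file, treat an empty report as "not found in the files checked", not as proof the key is gone; confirm with `env | grep PRANA_SKILL_API_FLAG` in a fresh login shell.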

Description-Behavior Mismatch
Severity: Medium
Confidence: 89%
Finding: The manifest claims a narrow purpose of TradingView technical indicator analysis, but its examples and remote agent behavior broaden the scope to general stock performance and financial report retrieval. This mismatch weakens user consent and security review because callers may unknowingly send broader financial queries and data to an external service than the skill description suggests.

Description-Behavior Mismatch
Severity: Medium
Confidence: 96%
Finding: The declared GET access to a purchase-history URL is unrelated to technical indicator analysis and introduces access to potentially sensitive account or transaction metadata. Unnecessary privileged endpoints increase attack surface and create opportunities for data exposure beyond the user's expected task.

Context-Inappropriate Capability
Severity: Medium
Confidence: 95%
Finding: Exposing purchase-history access without a clear business need violates least-privilege design and may allow retrieval of sensitive commercial or account activity information. In this skill context, there is no stated reason why indicator analysis should require purchase-history data, making the capability especially suspicious.

Vague Triggers
Severity: Medium
Confidence: 84%
Finding: The trigger condition is overly broad ('when customers describe needing TradingView indicator analysis'), with little boundary-setting or exclusion criteria. In agent environments this can cause accidental invocation on loosely related prompts, increasing unintended external transmission of user requests to the remote service.

Vague Triggers
Severity: Medium
Confidence: 78%
Finding: The usage examples are broad natural-language requests for stock returns, price changes, and financial reports, which can cause the skill to trigger on generic finance questions without clear boundaries. Over-broad invocation increases the chance of unintended external data transmission to the remote agent and makes misuse easier.

Missing User Warnings
Severity: Medium
Confidence: 91%
Finding: The skill sends requests to a remote Prana service using an API key, but the manifest does not clearly warn users that their prompts and possibly derived financial queries will be transmitted off-platform. Lack of disclosure undermines informed consent and may expose sensitive user requests or proprietary trading-related data to an external system.

VirusTotal

65/65 vendors flagged this skill as clean.