ClawHub

A股数据获取 A specialized data collection tool for Chinese A-share market

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local A-share market data collector with expected database, file, network, reset, repair, and optional scheduling behavior, but users should run maintenance commands carefully.

Install only if you want a local A-share market-data database. Review and, if needed, change the hard-coded D:\xistock path, run initial fetches with small limits, expect public market-data API traffic, and back up stock.db before using reset or repair commands. Enable the generated cron configuration only if you intentionally want recurring automated updates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill documentation describes network access plus local file/database read-write behavior, but no explicit permissions are declared. In an agent setting, this weakens review boundaries and can cause the skill to receive broader capabilities than users expect, enabling silent local data modification or exfiltration if invoked in the wrong context. The stock-data use case justifies these capabilities functionally, but the lack of declaration still creates a real transparency and governance risk.

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The documented purpose is a stock data collector, but the skill also includes reset, repair, cleanup, scheduling, synchronization, and filesystem-based storage behaviors that materially expand its operational scope. This mismatch is dangerous because reviewers or users may authorize the skill expecting passive data collection while it can also alter local state, delete data, force refetches, and install recurring automation, increasing the chance of unintended destructive actions or persistence.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill description says data is automatically fetched and stored in SQLite, but this code also exports per-stock text files to disk under fixed directories. That expands the data handling scope beyond the declared behavior, which can create unreviewed local persistence, data sprawl, and privacy/compliance issues if operators assume SQLite is the only storage location.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The script contains bulk reset operations that clear fetch-status timestamps for all stocks, causing the system to treat the entire dataset as stale and eligible for re-fetch. In a skill advertised as a stock data collector, this destructive state-reset capability is outside the stated collection scope and could trigger unnecessary mass network activity or operational disruption if run accidentally or abusively.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation includes reset commands such as database status resets without any warning that they may overwrite state or trigger large-scale refetches. In practice, an agent or user following these instructions could cause data loss, integrity issues, expensive API usage, or operational disruption because the destructive effect is not disclosed at the point of use.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal