MarketSensor

Security checks across malware telemetry and agentic risk

Overview

MarketSensor is a disclosed finance API helper that uses a user-provided API key to read reports, manage a watchlist, trigger analysis, and check quota.

Install only if you trust MarketSensor with your market symbols, watchlist activity, generated reports, and quota usage. Keep MARKETSENSOR_API_KEY private, prefer a limited or revocable key if available, and review requests before letting the agent add/remove watchlist items or trigger paid/quota-consuming analyses.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill explicitly requires access to an API key environment variable and instructs use of shell commands, but it does not declare corresponding permissions. This creates a transparency and governance gap: the runtime may expose secret-bearing env access and command execution without users or platforms having clear permission metadata to review or constrain them.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The hook triggers on broad concepts like stock tickers or generic analysis-related keywords at user prompt submission time, which can match many normal conversations outside an explicit MarketSensor invocation. This can cause unsolicited skill prompting or context steering, increasing the chance of overreach, user confusion, and inappropriate data or workflow activation across unrelated prompts.

Natural-Language Policy Violations

Medium
Confidence
81% confidence
Finding
The hook text is written as an unconditional Chinese-language reminder without indicating that language should follow the user's preference. In isolation this is not a direct code-execution risk, but it can degrade transparency and consent by inserting reminders in a language the user did not request, which may mislead or pressure users into using the skill.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The examples include POST requests that modify a remote watchlist and trigger analysis jobs, but they do not warn users that running them causes real state changes and may consume quota. In documentation for an agent skill, copy-pasteable commands can be executed verbatim, so the absence of a clear warning materially increases the chance of unintended remote actions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation repeatedly shows authenticated requests using a bearer token variable but gives no guidance on protecting the API key, avoiding shell history leakage, or preventing exposure in logs and screenshots. While the examples do not hardcode a secret, they normalize credential use without safe-handling instructions, which can lead to accidental disclosure in real operator workflows.

VirusTotal

65/65 vendors flagged this skill as clean.
