ClawHub

Options

Security checks across malware telemetry and agentic risk

Overview

This appears to be a local text logger branded as an options-trading tool, with unclear scope and persistent storage of potentially sensitive inputs.

Review before installing. Treat this as a simple local logger, not a full options analysis tool. Do not enter account credentials, secrets, or sensitive trading details unless you are comfortable with them being stored under ~/.local/share/options and included in local searches or exports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The skill advertises options-trade logging and analysis, but the documented interface is a broad generic logger with many unrelated commands and variable-like output templates. This mismatch can cause inappropriate invocation, over-collection of arbitrary user inputs, and use outside the claimed financial-tracking scope, which is dangerous because users and orchestrators may trust it with sensitive data under false expectations.

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The documentation frames the tool as options-trade management, but the examples and command list describe a generic local activity logger. This deceptive or careless presentation increases the chance that users will provide sensitive financial or unrelated operational data believing the skill has domain-specific safeguards and analytics that are not actually present.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The manifest description promises specialized options-trade tracking and reporting, while the body describes generic command and activity logging. In agent ecosystems, this kind of semantic mismatch is security-relevant because tool selection often relies on manifest metadata; an overbroad or misleading description can cause the wrong tool to be invoked on sensitive requests.

Vague Triggers

Medium
Confidence
77% confidence
Finding
The invocation guidance is broad enough to overlap with many common user requests, which can make the skill eligible in contexts beyond options-trade tracking. In a tool-routing environment, such ambiguity increases the risk of accidental invocation and unnecessary exposure of user input to a generic logger.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script persistently records raw user-provided input into log files under the user's home directory without warning, consent flow, redaction, or retention controls. Because users may enter trade details, account notes, or other sensitive information, this creates a privacy and local data exposure risk to other local processes, backups, or anyone with access to the account.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The export function aggregates all recorded log data into easily accessible json/csv/txt files on disk, which increases the exposure of previously logged sensitive content. Exported flat files are easier to copy, index, sync to backups, or open in other applications, so accidental disclosure risk is higher if users are not warned and files are not protected.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal