ClawHub

Quantflow Skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent financial data research and backtesting skill with expected network use and local outputs, not a hidden trading or exfiltration tool.

Install only if you are comfortable using akshare and akquant, making network requests to financial data providers, and leaving local research exports or cache files on disk. Treat backtest results as research output, not investment advice or authorization for live trading.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The file materially exceeds the advertised research/analysis scope by implementing autonomous trading and backtesting strategies that can place buy, sell, short, and close-position actions. In an agent skill context, this capability mismatch is dangerous because a user or orchestrator expecting passive data research may unintentionally invoke active trade logic, creating unauthorized financial actions, policy bypass, or severe monetary loss.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The quick-rule trigger phrases are extremely broad and map to common finance-related user language, which can cause the skill to activate unintentionally for ambiguous requests. In a network-enabled, file-writing skill, over-broad invocation increases the chance of unexpected external requests, local file creation, or use of the wrong workflow without explicit user confirmation.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly supports exporting CSV, Parquet, scripts, charts, and local output paths, but it does not prominently warn users that data will be written to disk. This can lead to unintended persistence of potentially sensitive research inputs, outputs, and metadata on the local system.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill declares network access and is designed to query external financial data sources, but it does not clearly warn that user prompts, ticker selections, date ranges, and query parameters may be sent to third-party providers. This creates a privacy and data-governance risk, especially for proprietary research interests or sensitive watchlists.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal