Quant Full Stack

Security checks across malware telemetry and agentic risk

Overview

This quant-trading skill appears aligned with its stated purpose, but it can run local trading workflow scripts without per-task safeguards or user confirmation.

Review before installing. Use it only with a known local ~/quant_trading project, preferably in a sandbox or paper-trading account, and confirm that 05_trade_execution cannot place live orders or reach real broker credentials without explicit approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
# Build the command to execute
cmd = [VENV_PYTHON, script_path] + args
# Run it with a 2-minute timeout to avoid hanging
result = subprocess.run(
    cmd,
    capture_output=True,
    text=True,
    timeout=120,
    cwd=PROJECT_DIR,
)
Confidence
93% confidence
Finding
result = subprocess.run( cmd, capture_output=True, text=True, timeout=120, cwd=PROJECT_DIR )

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
This runner exposes a generic delegated execution primitive: a caller selects a task and passes through arbitrary extra arguments to the mapped script. Even though the script file itself is chosen from a fixed mapping, the design still creates an execution surface where downstream scripts can be driven in unintended ways, and one mapped task is 'trade_execution', increasing the potential for harmful side effects. In an agent skill context, exposing process-spawning behavior without strict capability boundaries is a real vulnerability.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The runner executes another script transparently and returns its output, but does not present any warning, disclosure, or confirmation that a subprocess with potentially significant side effects is being launched. In this quant-trading context, lack of disclosure increases the risk of accidental execution of trading or data-modifying operations by users or higher-level agents. This is a real weakness, though primarily a safety and trust issue rather than a direct code-execution flaw.
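The two findings above (pass-through arguments reaching a mapped script, and no disclosure or confirmation before a side-effecting subprocess starts) share one fix: validate the request before building the command and gate side-effecting tasks behind explicit approval. The runner below is an added illustration written for this page, not the skill's own code. The task names, script filenames, ~/quant_trading layout and the max_args limits are assumptions chosen for the example; the original runner's actual mapping is not shown on this page.

```python
"""Hardened task runner: allowlisted tasks, validated args, approval gate.

Added example for this page; not the scanned skill's code. Paths and task
names are assumptions.
"""
import re
import shlex
import subprocess
import sys
from pathlib import Path

# Assumed project layout (hypothetical).
PROJECT_DIR = Path.home() / "quant_trading"
VENV_PYTHON = PROJECT_DIR / ".venv" / "bin" / "python"

# Each task maps to a fixed script AND a fixed argument policy. Tasks that can
# cause side effects (live orders) are flagged so they cannot run silently.
TASKS = {
    "data_fetch":      {"script": "01_data_fetch.py",      "side_effects": False, "max_args": 2},
    "backtest":        {"script": "03_backtest.py",        "side_effects": False, "max_args": 3},
    "trade_execution": {"script": "05_trade_execution.py", "side_effects": True,  "max_args": 1},
}

# Plain tokens only: no leading hyphen (blocks flags such as --live), no
# slashes (blocks path arguments), no whitespace or shell metacharacters.
ARG_RE = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.:=]{0,63}$")


class TaskRejected(Exception):
    """Raised when a request fails validation or lacks approval."""


def unsafe_build_command(task, args):
    """The pattern the findings describe: fixed script, unchecked pass-through args."""
    return [str(VENV_PYTHON), str(PROJECT_DIR / TASKS[task]["script"])] + list(args)


def validate(task, args=(), approved=False):
    """Return None if the request is allowed, otherwise the rejection reason."""
    spec = TASKS.get(task)
    if spec is None:
        return f"unknown task {task!r}"
    if len(args) > spec["max_args"]:
        return f"{task}: at most {spec['max_args']} argument(s) allowed"
    for a in args:
        if not isinstance(a, str) or not ARG_RE.fullmatch(a):
            return f"{task}: argument {a!r} rejected (flags, paths and shell metacharacters are not allowed)"
    if spec["side_effects"] and not approved:
        return f"{task}: has side effects (may place live orders) and needs explicit approval"
    return None


def build_command(task, args=(), approved=False):
    """Build argv for an allowed request; raise TaskRejected otherwise."""
    reason = validate(task, args, approved)
    if reason is not None:
        raise TaskRejected(reason)
    spec = TASKS[task]
    return [str(VENV_PYTHON), str(PROJECT_DIR / spec["script"]), *args]


def run_task(task, args=(), approved=False, runner=subprocess.run):
    """Validate, disclose, then execute. `runner` is injectable for testing."""
    cmd = build_command(task, args, approved)
    # Disclosure: the caller (user or higher-level agent) sees exactly what runs.
    print(f"[runner] executing: {shlex.join(cmd)}", file=sys.stderr)
    result = runner(cmd, capture_output=True, text=True, timeout=120, cwd=str(PROJECT_DIR))
    return {
        "task": task,
        "returncode": result.returncode,
        "stdout": result.stdout,
        "stderr": result.stderr,
    }


if __name__ == "__main__":
    # Dry run: show which requests the policy accepts or rejects.
    for req in [
        ("backtest", ["BTCUSDT", "2024"], False),
        ("backtest", ["--config=/etc/passwd"], False),
        ("trade_execution", ["BTCUSDT"], False),
        ("trade_execution", ["BTCUSDT"], True),
        ("shell", [], False),
    ]:
        print(req, "->", validate(*req) or "allowed")
```

validate() is the part worth keeping separate from execution: an agent front-end can call it to decide whether to ask the user for confirmation before anything is spawned, and the same policy object is reused by build_command() so the check cannot be bypassed by calling the lower layer directly.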

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal