ClawHub

财务报表分析技能

Security checks across malware telemetry and agentic risk

Overview

This skill coherently analyzes a user-provided Excel financial report locally and generates a Markdown report, with a disclosed but noteworthy automatic dependency-install step.

Install this only if you are comfortable running a local Python script on financial workbooks. In sensitive or locked-down environments, preinstall pandas and openpyxl in a controlled environment or sandbox first so the skill does not run pip during analysis. Review the generated Markdown report before sharing it, since it may contain financial data from the source workbook.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
except ImportError:
    print("正在安装依赖...")
    import subprocess
    subprocess.check_call([sys.executable, "-m", "pip", "install", "pandas", "openpyxl"])
    import pandas as pd
    import openpyxl
Confidence
94% confidence
Finding
subprocess.check_call([sys.executable, "-m", "pip", "install", "pandas", "openpyxl"])

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
Installing Python packages at runtime is risky because it causes the skill to fetch and execute external code during normal operation, which is unnecessary for a financial analysis tool. In this skill context, that behavior is not justified by user needs and is therefore more suspicious and dangerous than in a package-management utility.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases are broad enough to match ordinary financial conversation, which can cause the skill to activate unexpectedly in contexts where the user did not intend file processing or script execution. In this skill, unintended activation is more concerning because activation leads to local code execution and file output rather than a passive text-only response.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill documents writing a report to the local filesystem and automatically installing pandas/openpyxl, but does not present these system-affecting actions as a clear upfront warning or consent checkpoint. Automatic package installation and file creation materially change the host environment and can expand attack surface, especially if a crafted request repeatedly triggers installs or writes in sensitive environments.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal