Stock Portfolio

Security checks across malware telemetry and agentic risk

Overview

This stock portfolio skill is coherent and user-directed, but users should treat its recommendations cautiously and understand that portfolio data is stored locally.

Install only if you are comfortable storing holdings, cost basis, share counts, and alert thresholds in local files. Stock symbols you query may be sent to Tencent, Sina, or EastMoney APIs over HTTP, so do not treat prices as tamper-resistant. Treat the daily picks as a rough watchlist, not investment advice, because the implementation does not perform the fundamental analysis it claims.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The module docstring states the recommendations use both technical indicators and fundamental screening, but the implementation only evaluates simple real-time market fields from a hardcoded stock pool. In a financial recommendation skill, this mismatch can materially mislead users about the rigor and basis of the recommendations, increasing the risk of harmful decision-making.

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The user-facing output claims the picks incorporate fundamental analysis, industry leadership, and earnings stability, but the code performs none of those checks. Because this skill produces investment-related output, overstating the analysis quality is a trust and safety issue that can cause users to rely on recommendations under false assumptions.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill states that holdings, alerts, and history are stored locally in JSON files, but it does not prominently warn users that sensitive financial information may persist on disk. Portfolio composition, cost basis, and trading history are privacy-sensitive and could be exposed to other local users, backups, or later processes if users are unaware of the retention.

Missing User Warnings

Medium
Confidence: 90%
Finding
The documentation instructs the skill to query a third-party market-data API over the network without an explicit warning that user-requested stock symbols and usage metadata will be transmitted externally. Although the payload appears limited, external requests can still reveal user interests, portfolio-related symbols, and timing patterns, and they may travel over insecure transport if HTTP is used.

Missing User Warnings

Low
Confidence: 93%
Finding
The documentation recommends and exemplifies plaintext HTTP endpoints for financial market-data retrieval, which allows man-in-the-middle attackers to observe or tamper with responses in transit. In a stock-portfolio skill, altered quotes or recommendation inputs could mislead users, trigger false alerts, or corrupt portfolio calculations, making this more dangerous than generic non-sensitive HTTP usage.

Missing User Warnings

Medium
Confidence: 93%
Finding
The documentation recommends and exemplifies plaintext HTTP endpoints for financial market-data retrieval, which allows man-in-the-middle attackers to observe or tamper with responses in transit. In a stock-portfolio skill, altered quotes or recommendation inputs could mislead users, trigger false alerts, or corrupt portfolio calculations, making this more dangerous than generic non-sensitive HTTP usage.

VirusTotal

61/61 vendors flagged this skill as clean.
