Ai Quant Trader

Security checks across malware telemetry and agentic risk

Overview

This appears to be a simulated stock-analysis and trading assistant, but its strategy, backtest, and some screening outputs include mock or random values that should not be used for real investing.

Install only if you want a simulated stock-analysis helper. Treat all recommendations, generated strategies, backtests, win rates, and screening metrics as illustrative until independently verified, and review setup scripts before allowing package installation or skill-directory changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (16)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
import subprocess
import sys

# `dependencies` is the list of package names defined earlier in the setup script.
# Each one is installed with the running interpreter's pip; a failed install is
# reported and skipped rather than aborting the setup.
for dep in dependencies:
    print(f"  安装 {dep}...")
    try:
        subprocess.check_call([sys.executable, "-m", "pip", "install", dep, "--quiet"])
        print(f"  ✅ {dep} 安装成功")
    except subprocess.CalledProcessError:
        print(f"  ⚠️  {dep} 安装失败,尝试继续...")
Confidence
85% confidence
Finding
subprocess.check_call([sys.executable, "-m", "pip", "install", dep, "--quiet"])

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The screener uses randomly generated placeholder financial metrics such as ROE, current ratio, and market cap, then feeds them directly into stock-selection logic as though they were legitimate inputs. In a financial screening skill, this can mislead users into making decisions based on fabricated data, producing arbitrary and non-reproducible results that appear authoritative.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The public API collects caller-supplied screening conditions, but the core screening routine ignores them and instead applies fixed hard-coded thresholds. This creates deceptive behavior: users may believe they are running custom filters while actually receiving results under different criteria, undermining trust and potentially causing materially incorrect financial decisions.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The file advertises an AI/large-model strategy generator, but the implementation only picks from hard-coded templates and fabricates performance metrics with randomness. In a trading context, this is dangerous because users may rely on falsely represented strategy generation and synthetic performance data to make real financial decisions under a false sense of rigor.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The backtest function claims to backtest a strategy but explicitly returns random simulated results instead of evaluating historical data. In a financial/trading skill, presenting random values as backtest output can mislead users into trusting nonexistent evidence of profitability, creating material risk of financial harm.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrases shown at the end of the guide are ordinary conversational requests rather than clearly scoped commands, so the skill could be invoked unintentionally during normal chat. In an investment assistant, accidental activation can lead to unwanted stock screening, analysis, or strategy generation that users may misinterpret as intentional guidance.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The phrase "执行我的选股策略" ("run my stock-selection strategy") is ambiguous because it resembles a common user statement and does not define clear activation boundaries. If the platform routes on loose phrase matching, normal discussion about a stock-picking strategy could trigger the skill unexpectedly and produce trading-related output without deliberate user intent.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The skill uses ordinary conversational phrases like stock screening and analysis requests as activation examples without clear boundaries, so unrelated user messages could accidentally trigger the skill. In a finance context, unintended activation is more dangerous because it can cause the agent to provide investment guidance or act on sensitive portfolio-related queries when the user did not explicitly intend to invoke this skill.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The file mixes free-form dialogue triggers with slash commands but never defines which inputs definitively invoke the skill, creating ambiguous routing behavior. This ambiguity can cause the agent to over-apply the trading skill to general chat, which is particularly risky here because the skill produces financial recommendations that may be mistaken for intentional, context-aware advice.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The example trigger "帮我选今天值得关注的股票" ("help me pick stocks worth watching today") is broad and overlaps with ordinary financial conversation, making accidental invocation more likely in unrelated chats about markets or investing. In a finance skill, unintended activation is more concerning because it can steer users into stock screening or trading-oriented outputs without an explicit opt-in, potentially influencing financial decisions.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The code generates explicit trading recommendations such as buy/sell signals ('买入信号' / '卖出信号', i.e. 'buy signal' / 'sell signal') based on technical indicators, but it does not present any warning that these outputs are heuristic, may be inaccurate, and are not financial advice. In a stock-analysis skill, users may reasonably rely on these signals for real financial decisions, increasing the risk of harmful or misleading automated advice.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The demo enables automatic trading through a simple command and presents it as a routine feature without any warning, confirmation step, or explanation of risks. In a trading assistant context, normalizing autonomous trade activation can mislead users into turning on behavior with financial consequences they may not understand, especially if the underlying command executes real or semi-automated actions.

Missing User Warnings

High
Confidence
89% confidence
Finding
The code enables automated trading directly via `/自动 启用 [策略名] [股票代码]` (roughly "/auto enable [strategy name] [stock code]") without any visible confirmation step, warning banner, acknowledgment of live/autonomous order execution, or safety gating in this entrypoint. In a trading assistant context, this increases the risk of users unintentionally authorizing unattended market actions, which can lead to rapid financial loss if strategies are flawed, misconfigured, or triggered unexpectedly.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script unconditionally deletes any existing backup directory with shutil.rmtree and then replaces the currently installed skill without confirmation, version checks, or rollback protection. If run accidentally or with a tampered source directory, this can destroy the last known-good backup and overwrite an installed skill, causing data loss and making recovery difficult.

Missing User Warnings

High
Confidence
93% confidence
Finding
The code automatically executes a full-position sell as soon as a rule triggers, without requiring interactive confirmation, a dry-run mode, or a strong opt-in safety gate. In an agent or automation context, this can cause unauthorized or unintended trades, especially because the monitoring loop runs in a background thread and acts on persisted rules automatically.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script performs security-relevant side effects (installing packages and creating directories) without an explicit opt-in or dry-run step. In an agent or automation context, this increases the risk of unexpected system modification and may help hide supply-chain exposure or unauthorized persistence-related changes under the guise of 'environment repair'.

VirusTotal

63/63 vendors flagged this skill as clean.
