Chan Theory (缠论) Stock Analysis Investment Research Report

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed stock research/report skill, with real financial and dependency risks but no evidence of hidden, destructive, or purpose-mismatched behavior.

Install only if you are comfortable with a stock-analysis skill that calls external finance/search services, uses a Tushare token through its dependency, and may install reportlab at runtime. Treat generated buy/sell ratings, targets, stop-losses, and position sizes as research assistance only; verify data and conclusions independently before making any trade.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding:
The skill explicitly instructs runtime installation of a Python package via pip during execution. Even though the stated goal is PDF generation, allowing network-based dependency installation at runtime expands the attack surface, introduces supply-chain risk, and enables unexpected code execution in environments that otherwise only needed data analysis.

Context-Inappropriate Capability

Severity: Medium
Confidence: 87%
Finding:
The skill directs the agent to write and execute a standalone Python script to generate a PDF. This adds file-write and code-execution behavior beyond pure stock analysis, which can be abused or can normalize arbitrary script execution in response to user prompts, increasing the risk of unsafe local actions.

Intent-Code Divergence

Severity: Low
Confidence: 83%
Finding:
The skill claims not to store user queries or analysis results to external services, yet its workflow performs WebSearch queries using company names and current context. That creates a mismatch between documented privacy guarantees and actual data disclosure, which can mislead users about where their request data is sent.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The file gives explicit buy/sell signals such as 一买/一卖/二买/三买 and describes them as actionable trading opportunities, but it does not include any financial-risk disclaimer, suitability warning, or statement that outputs are informational only. In a stock-analysis skill that generates professional-looking research reports, this can cause users to over-trust the content as personalized investment advice and make risky trades without understanding losses, latency, or model error.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding:
The scoring framework maps indicator combinations directly to concrete actions like 强买入 and fixed position sizes such as 40~60%仓位, which materially increases the chance that users treat the output as prescriptive investment guidance. Because the skill is specifically designed for deep stock analysis and report generation, these quantified recommendations can drive financially harmful decisions at scale without any suitability assessment, capital-loss warning, or regulatory disclaimer.

VirusTotal

64/64 vendors flagged this skill as clean.
