ClawHub

全球股市技术分析报告

Security checks across malware telemetry and agentic risk

Overview

This is a focused stock-analysis skill that fetches public EastMoney market data and does not include code execution, credentials, persistence, or system changes.

Install if you want the agent to generate informational stock technical-analysis reports and you are comfortable with it contacting EastMoney for the stock codes you ask about. Treat generated reports as informational only, verify important figures independently, and do not provide brokerage credentials or private account data because the skill does not need them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill description uses broad natural-language triggers such as generating stock analysis reports, querying A-share quotes, and analyzing stock trends without clear routing boundaries. This can cause the agent to invoke the skill for loosely related finance prompts, leading to unintended external browsing/API access and generation of market-analysis content in contexts where it was not explicitly requested.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The skill description is broad enough to match common requests about A-share quotes or trend analysis, which increases the chance of unintended invocation. When a skill performs live web navigation and external data fetching, accidental triggering can cause unnecessary outbound requests, user confusion, and execution of actions the user did not explicitly intend.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal