Robinhood Mcp

Security checks across malware telemetry and agentic risk

Overview

This skill is clearly a Robinhood trading integration, but it gives an agent persistent trading access and a generic tool-call path that can place real orders without enforcement inside the script.

Install only if you intentionally want an agent to access and trade in your Robinhood account. Keep `ROBINHOOD_MCP_HOME` in protected storage, treat `credentials.json` like a trading credential, use `logout` or Robinhood revocation when finished, and require a separate explicit human confirmation before every order.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding:
The skill declares powerful capabilities including shell, file read/write, environment access, network, and MCP interaction, yet exposes no explicit permission model or user-facing restriction metadata. In a trading skill that persists OAuth tokens and can place orders, this lack of declared permissions increases the chance that a host or reviewer underestimates the skill's authority and executes it without appropriate consent boundaries.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding:
The `call` command forwards arbitrary JSON arguments directly to Robinhood's remote MCP tools, which can trigger account actions such as trading or portfolio operations. In a financial-trading skill, sending user- or agent-supplied data to a remote service without an explicit confirmation or warning at execution time increases the risk of unintended or prompt-induced high-impact actions.

VirusTotal

64/64 vendors flagged this skill as clean.
