ClawHub

A 股全流程量化决策系统

Security checks across malware telemetry and agentic risk

Overview

This is a coherent stock-analysis skill, but it can set up recurring trading-assistant runs and persist sensitive portfolio and conversation-derived notes without enough user control.

Review before installing. Use it only if you are comfortable with local storage of portfolio details and recurring scheduled analysis after cron registration. Keep Datasaver tokens and Eastmoney cookies out of shared terminals or repositories, disable heartbeat/cron tasks you do not need, and treat all buy/sell output as analysis rather than automated financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list contains broad, common phrases such as '买不买', '止损', '复盘', and 'A股', which can match ordinary conversation and unintentionally invoke the skill outside an explicit stock-analysis request. In a trading assistant, accidental activation is more dangerous than usual because the skill can produce concrete buy/sell guidance, automated monitoring behavior, and portfolio-management instructions in contexts where the user did not clearly request them.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The scheduled收盘复盘 task explicitly instructs the agent to write derived trading notes and lessons into persistent memory files (`memory/learnings.md` and dated logs) without any user-facing consent, review step, or warning. Automatic persistence of model-generated summaries can store sensitive financial behavior, portfolio details, and incorrect inferences, creating privacy, integrity, and retention risks over time.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The task overview states that a daily heartbeat will extract knowledge from conversations and write it to `learnings.md`, again without a user warning or consent boundary. Because this happens routinely and outside an interactive turn, it increases the chance of silently persisting sensitive user data, mistaken conclusions, or prompt-injected content into long-term memory.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal