ClawHub

Investment Analysis & Portfolio Management Engine

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only investment analysis framework that can influence financial decisions but does not install code, request credentials, or execute trades.

Install only if you want an investment-analysis framework. Verify all market data independently, treat outputs as educational and non-personalized, check tax guidance against your jurisdiction, and require explicit human approval before using any separate broker or trading tool to place real orders.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill gives detailed investment, portfolio, and trade execution instructions while presenting them as an operational methodology, but it does not clearly warn users that the content is not financial advice and may lead to substantial losses. In this context, omission of a prominent risk disclaimer increases the chance that users will over-rely on the skill's outputs as authoritative guidance for real-money decisions.

Natural-Language Policy Violations

Medium
Confidence
94% confidence
Finding
The tax section presents US tax-loss harvesting, wash sale, capital gains, and account-allocation rules as default guidance without gating on user jurisdiction or emphasizing that tax rules differ by country and can change over time. A user outside the US, or even a US user with special circumstances, could make harmful tax decisions based on inapplicable or incomplete guidance.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal