ClawHub

Forex

Security checks across malware telemetry and agentic risk

Overview

This is a text-only forex education skill with no code or account access, but users should be cautious with its trading guidance and sensitive financial prompts.

Install only if you want an educational assistant for forex, currency conversion, and currency-risk analysis. Do not share broker credentials, account identifiers, full live position lists, counterparty names, contracts, or exact confidential business figures unless truly necessary; use summaries, ranges, and redactions. Treat trading and hedging outputs as general education, not personalized financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The examples include prompts and responses that encourage participation in forex trading without any clear disclaimer that forex is highly speculative, can lead to substantial losses, and that the content is educational rather than personalized financial advice. In a finance-oriented skill, omission of these warnings can normalize risky activity and cause users to rely on the agent for consequential decisions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This example gives concrete trading risk-management guidance, including account sizing and loss tolerance, without accompanying warnings about the dangers of leverage, the possibility of rapid total loss, and the fact that this is not individualized financial advice. Because it appears operational and actionable, users may over-trust it and apply it to real trading despite their circumstances being unknown.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list includes generic finance terms such as "currency," "exchange rate," and "central bank," which can cause the skill to activate in conversations that are broader than forex-specific intent. This is not a code-execution issue, but it can lead to unintended routing, user confusion, and inappropriate skill engagement in adjacent financial contexts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal