ClawHub

Global Finance Radar

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only finance analysis skill that uses public market and macroeconomic sources and does not install code, persist data, or request credentials.

Before installing, understand that this skill may browse and summarize public financial sources, including non-English sources, and may produce forecasts or valuation signals. Ask it to cite source dates, disclose assumptions, and limit languages or regions if needed; do not rely on it as personalized investment, tax, legal, or trading advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill defines broad financial-analysis capabilities and a generic workflow, but it does not specify when the skill should activate, what user intents qualify, or what requests should be rejected or deferred. In an agent setting, this can cause over-broad invocation and make the system answer out-of-scope financial or advisory prompts, increasing the chance of unsafe autonomy, hallucinated data use, or inappropriate investment guidance.

Natural-Language Policy Violations

Low
Confidence
79% confidence
Finding
The instruction to search and summarize across multiple languages without explicit user choice can expand retrieval scope beyond the user's expectations and cause the agent to pull in foreign-language sources the user cannot verify. This raises risks of mistranslation, source-quality mismatch, and unintended data handling or browsing behavior, especially in high-stakes financial contexts.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal