ClawHub

Bollinger

Security checks across malware telemetry and agentic risk

Overview

This skill appears technically low-risk, but its Bollinger finance content is generic and mismatched enough that users should review it before relying on it.

Install only if you understand this is a low-capability text reference, not reliable Bollinger Bands or financial advice. Verify any trading, compliance, or investment-related output against authoritative finance sources before acting on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The script presents itself as a finance-specific Bollinger reference tool, but most output is generic boilerplate and some sections drift into unrelated operational and inspection guidance. This mismatch can mislead users or downstream agents into relying on inaccurate domain content, creating integrity and decision-support risk even though there is no direct code-execution behavior.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The inline documentation claims finance-focused Bollinger guidance, but commands such as instruments and checklist contain contradictory system-operation and inspection language that does not fit the financial context. In an agent setting, this kind of semantic inconsistency can poison responses, reduce trustworthiness, and cause users to take inappropriate actions based on irrelevant guidance.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The 'When to Use' section is overly broad and generic, which can cause the skill to be invoked in situations only loosely related to Bollinger concepts. In an agent setting, ambiguous triggers increase the chance of unintended execution, confusing tool selection, or reliance on irrelevant financial guidance.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal