investment-framework-bundle

Security checks across malware telemetry and agentic risk

Overview

The skill is an instruction-only investment research framework, but it gives concrete trading guidance, activates on broad triggers, and describes its memory-saving behavior only vaguely. Users should review these points carefully.

Install only if you want an agent to apply an assertive investment-analysis framework to finance conversations. Treat all trading outputs as informational, verify prices and fundamentals with current sources, and do not rely on it as professional financial advice. Before use, confirm whether your agent will write the generated analysis to persistent memory and how you can review or delete that saved content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

Low
Confidence: 91%
Finding
The skill instructs the agent to persist its final output into a memory directory, which is a state-changing action unrelated to merely presenting an investment framework. In an agent setting, undocumented writes to persistent storage can cause unintended data modification, contamination of future context, or silent retention of sensitive user-derived analysis.

Vague Triggers

High
Confidence: 95%
Finding
The V1 trigger list is broad enough to activate on generic finance-related phrases like '机会', '持仓', or '交易', which can cause the skill to engage when the user did not explicitly request structured investment analysis. In a skill that produces concrete trading workflows and risk-management actions, unintended invocation increases the chance of unsolicited or miscontextualized financial guidance affecting user decisions.

Vague Triggers

Medium
Confidence: 82%
Finding
The V3 trigger mixes specific keywords with a vague contextual condition ('V2多头胜出且涉及AI相关行业'), leaving unclear when the deepest recommendation stage should run. Because V3 contains concrete stock picks, entry ranges, and sector-specific investment opinions, ambiguous escalation can push users into more assertive advisory content without a clear boundary or explicit consent.

Missing User Warnings

High
Confidence: 98%
Finding
The skill gives direct transactional guidance such as buy/sell rules, liquidation triggers, and position-management instructions without a prominent disclaimer that this is not financial advice. In context, the skill is explicitly designed for stock and investment decisions, so users may reasonably treat the output as professional advice and act on it, risking financial loss.

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger conditions are extremely broad, including generic finance phrases and even '任何金融标的讨论', which can cause the skill to activate in routine conversations where the user did not explicitly request this framework. That increases the chance of unwanted behavioral override, especially in an investment context where the skill may impose rigid advice patterns or authoritative-seeming recommendations without clear user consent.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill gives concrete investment action guidance such as position sizing, entry range, stop-loss, target price, and holding period without any financial-risk warning or suitability disclaimer. This can cause users to treat speculative output as personalized financial advice, increasing the chance of harmful real-world trading decisions and regulatory/compliance issues.

Vague Triggers

Medium
Confidence: 87%
Finding
The trigger phrases are broad, common investment terms, so normal user discussion about AI investing or research could unintentionally activate the skill. Unintended invocation is dangerous because it can apply hidden workflow instructions, including persistence behavior, without the user realizing the agent has switched into a special mode.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill describes writing outputs to a memory directory without warning the user that stored data may be created or modified. This creates a transparency and consent problem and can lead to unauthorized retention of generated content, including user-influenced financial analysis that may later affect future sessions or agent behavior.

VirusTotal

66/66 vendors flagged this skill as clean.
