ClawHub

Einstein Research — Market Bubble Risk Detector

Security checks across malware telemetry and agentic risk

Overview

This is a coherent market-risk analysis skill with no hidden privileged behavior, but its generic trading guidance should not be treated as personalized financial advice.

Install only if you want a public-data market bubble analysis aid. Use a contained Python environment for any dependencies, verify the actual script or CLI before running, avoid sharing private portfolio details, and do not make trades solely from this skill’s recommendations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The implementation guide extends beyond market-bubble analysis into concrete portfolio and trading directives such as risk budget, trailing stops, profit-taking, and short-selling rules. In a financial-analysis skill, this is dangerous because users may treat these outputs as personalized investment advice, creating material financial-harm and suitability risks without adequate disclaimers, user profiling, or regulatory safeguards.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
This section gives concrete, actionable investment and short-selling procedures, including profit-taking schedules, stop logic, position sizing, and timing criteria, without any safety disclaimer or warning about financial risk. In a skill framed as practical decision support for market bubble detection, users may reasonably treat these steps as advice and act on them, increasing the chance of financial loss, unsuitable trading behavior, or harmful leverage exposure.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The guide presents investment actions and risk-budget changes in an authoritative report format without prominently warning that they are informational only. In the context of an investment-related skill, this increases the chance that users will rely on the output for real financial decisions, potentially causing losses and exposing the system to compliance and trust risks.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This section gives direct, imperative trading instructions such as 'Sell immediately' and concrete profit-taking actions during volatility without any accompanying warning that the content is educational only, not personalized financial advice, and may be inappropriate for a user's circumstances. In the context of an agent skill, this can prompt users to take immediate real-money actions based on generic heuristics, increasing risk of harmful financial decisions and potential regulatory/compliance issues.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This reference contains concrete trading instructions such as risk-budget changes, profit-taking percentages, stops, and short-selling guidance without an adjacent, prominent warning that the material is educational only and not individualized financial advice. In the context of an agent skill, users may over-trust the checklist and execute risky trades or liquidations, especially during volatile conditions, leading to financial harm.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal