ClawHub

Einstein Research — Headline Scenario Analyzer

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed, instruction-only investment scenario analysis skill, but users should treat its stock suggestions as informational rather than financial advice.

Install only if you want agent-generated market scenario reports. Use an explicit command, verify that the configured scenario-analyst and strategy-reviewer agents are trusted, avoid confidential or nonpublic market information, and independently verify prices, filings, assumptions, and risks before acting on any stock ideas.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
起動トリガーが『このニュースが市場にどう影響するか教えて』のような日常会話に近い広い表現になっており、意図しない場面で投資分析スキルが自動発火する可能性があります。その結果、ユーザーが一般的な説明を求めただけでも投資推奨や銘柄提示まで進み、文脈不一致の助言や過剰な権限行使につながります。

Missing User Warnings

Medium
Confidence
95% confidence
Finding
このスキルは具体的な推奨セクターや推奨銘柄を生成する一方で、投資助言の限界、誤差、利益相反、自己責任、最新情報確認の必要性といった重要な注意喚起がありません。金融判断に直結する出力で免責や適合性確認が欠けると、ユーザーが分析結果を専門的助言として過信し、不適切な売買や損失を招く危険があります。

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal