ClawHub

China Stock Analysis 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This is a simple stock-analysis prompt skill with no executable code, no credential access, and no persistence, though users should treat its investment output as informal guidance only.

Install only if you want help summarizing public market information and informal stock analysis. Do not provide brokerage credentials or private financial records, and do not rely on the generated buy/hold/sell suggestions as the sole basis for investment decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The description is broader than the stated China-focused purpose because it says the skill should be used for Chinese companies, but the body explicitly supports US tickers and generic stock-price analysis. This can cause unintended invocation on general equity-analysis requests, leading to scope creep, misleading routing, and use in contexts the skill was not designed to handle.

Natural-Language Policy Violations

Medium
Confidence
89% confidence
Finding
The prescribed output template is entirely in Chinese and does not instruct the agent to adapt to the user's language. This can produce responses in an unexpected language, reducing usability, increasing misunderstanding of financial information, and making recommendations less clear to non-Chinese-speaking users.

Natural-Language Policy Violations

Medium
Confidence
92% confidence
Finding
A mandatory disclaimer written only in Chinese forces a specific language regardless of user preference. In a financial-analysis context, disclaimers are important safety content, so presenting them in a language the user may not understand weakens informed use and could create compliance or trust issues.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal