ClawHub

Investing Decision Quality

Security checks across malware telemetry and agentic risk

Overview

This skill appears non-malicious, but it needs Review because it gives actionable trading and order guidance without clear financial-suitability safeguards and bundles full copyrighted book text.

Install only if you understand it is a high-impact financial decision-support skill, not a broker or adviser. Do not let it place or prepare trades without your own review, risk limits, jurisdictional checks, and explicit confirmation. Also consider the licensing risk from the bundled full-text books before redistributing or using it in shared environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
This reference file contains what appears to be extensive verbatim text from a copyrighted book, including title, publication, copyright notice, table of contents, and large portions of chapter text. That creates legal/compliance risk for the skill operator because the material exceeds what is necessary for a narrow reference function and may constitute unauthorized redistribution of copyrighted content.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill gives concrete trading guidance, including position sizing, order type selection, timing around news, and execution instructions, but does not include an explicit warning that the output is not financial advice and can directly affect user assets. This increases the chance a user treats the workflow as actionable investment instruction and executes risky trades without understanding suitability, regulatory, or loss implications.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This file is presented as reference material for an investing-decision skill, but it contains extensive, prescriptive instructions for leveraged trading, short selling, hedging, and speculative execution without a clear user-facing warning that the content is historical and high risk. In a financial decision-support context, users may mistake these tactics for current, suitable guidance, increasing the chance of harmful or inappropriate real-world financial actions.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal