Thesis Tracker

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-aligned for tracking investment theses, but it persistently saves and automatically syncs potentially sensitive investment views with too little user control.

Install only if you are comfortable with investment theses, assumptions, targets, and checks being saved locally and possibly copied into IMA notes. Before using it for sensitive portfolio strategy or proprietary research, narrow the trigger phrases and require explicit confirmation before each save or IMA sync.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Severity: Medium
Confidence: 87%
Finding:
The trigger phrases are broad enough to match ordinary investment discussion, which can cause the skill to activate when the user did not intend to invoke persistent thesis tracking. In this skill’s context, unintended activation is more dangerous because the skill can save user content and create knowledge-base notes automatically, turning a routing issue into a privacy and consent problem.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The README states that thesis data is persisted to a local JSON file and that new theses are automatically synced to a knowledge base, but it does not warn the user or describe consent, retention, or what data will be copied. In an investment-analysis workflow, users may provide sensitive financial views, portfolio rationale, or proprietary research, so silent storage and sync materially increase confidentiality and compliance risk.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
The activation description is broad enough that normal investing conversations could unintentionally invoke the skill, causing it to begin extracting and persisting structured investment theses when the user may only be asking for general discussion. In this context, accidental activation is risky because the skill is stateful and writes user content to disk, which amplifies the effect of a trigger mismatch.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding:
Examples like '我之前说XX会怎样,现在怎么样了' ("I said earlier that XX would do such-and-such; how is it doing now?") and '帮我记一下这个投资逻辑' ("Help me note down this investment logic") are ambiguous and could match common conversational requests without clearly signaling consent to persistent tracking behavior. Because this skill stores data and creates follow-up records, ambiguous prompts can lead to unintended retention and automated monitoring of user-provided investment ideas.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The skill instructs storage of user-provided investment theses in a local JSON file but does not tell the user that their content will be retained persistently. This creates a privacy and consent issue, especially since investment theses may contain sensitive financial interests, positions, or strategies that the user may not expect to be written to disk.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
Creating an additional IMA note duplicates the thesis data into another persistence surface without warning the user, increasing exposure, retention scope, and the chance of unintended access. In this skill's context, the duplicate note may contain sensitive investing views or trade rationale, so silent replication meaningfully increases privacy risk.

VirusTotal

VirusTotal findings are pending for this skill version.
