Back to skill

Security audit

claude financial-services for openclaw

Security checks across malware telemetry and agentic risk

Overview

This is a Markdown-only financial analysis guidance pack; its scope is broad and it may touch sensitive financial data, but it shows no hidden execution, persistence, or account-mutating behavior.

Install this if you want a broad financial-services methodology pack. Before using it with real portfolio, lending, insurance, client, or data-room materials, make sure any connected data providers expose only the intended datasets, and treat generated financial outputs as drafts requiring human professional review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The description is broad enough to trigger this skill collection for nearly any finance-related task, including routine analysis, modeling, due diligence, and reporting. In an agentic system, overly broad activation increases the chance of unintended invocation, which can inject inappropriate instructions, expand scope, or override a more specific skill selection path.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The manifest description is broad enough to trigger on a wide range of ordinary finance tasks, increasing the chance this skill is invoked when the user did not intend asset-management-specific workflows or mandatory downstream skills. Overbroad auto-invocation can bias outputs, expand the skill's influence surface, and cause unnecessary handling of sensitive financial data or formatting requirements.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.