Security audit

TDX Formula Master

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only TDX formula helper; its financial-screening examples require careful judgment but it does not request system access or hide behavior.

Install only if you want technical help drafting TDX formulas. Treat generated stock-screening and backtesting formulas as educational templates, not investment advice; validate formulas independently and do not rely on them as proof of profitability or suitability.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium, 89% confidence

Finding
The example trigger phrases are broad natural-language requests such as stock screening, sector leader identification, and adding financial filters. Because they overlap with common user intents, the skill may activate too readily in general finance conversations and steer users into actionable stock-selection outputs without sufficient contextual safeguards. In a finance-focused skill, unintended activation is more concerning because the generated output can influence real investment decisions.

Missing User Warnings

Medium, 95% confidence

Finding
The skill prominently offers stock-selection, sector rotation, and backtesting capabilities but does not provide any warning that outputs are educational/technical and may affect financial decisions. This omission is risky because users may interpret the generated formulas and screening logic as investment recommendations, especially when terms like '龙头识别' (leader identification), '强势股' (strong stocks), and '回测' (backtesting) imply actionable trading utility. The finance context increases the danger since even technically correct formulas can be misused as advice without disclosure of limitations and risk.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.