ClawHub

Security Portfolio Risk

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed portfolio risk analysis guide with no executable install behavior, persistence, or hidden data access.

Install this if you want help with portfolio risk analysis, but be aware it may activate during broad finance discussions. Avoid sharing sensitive portfolio or client data unless appropriate, and verify regulatory or investment claims against official sources before acting on them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger list contains broad generic terms such as 'risk management', 'portfolio risk', '资产配置', and '风险分析' that are likely to appear in ordinary finance discussions. This can cause the skill to activate unintentionally, leading users to receive domain-specific portfolio analysis behavior in contexts where it was not requested, increasing the chance of inappropriate advice or data handling in unrelated conversations.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal