ClawHub

胡田 OPC导师 黄金交易

Security checks across malware telemetry and agentic risk

Overview

This is a document-only cross-border gold-trading due-diligence skill with disclosed, purpose-aligned sensitive checklists, but users should handle privacy and cross-border data controls carefully.

Before installing or using this skill, treat it as a professional checklist rather than legal advice. Use it only with authorized compliance staff or counsel, collect the minimum necessary personal and financial documents, redact nonessential fields, use secure channels, define retention and deletion rules, and verify cross-border data-transfer obligations for Laos, Hong Kong, China, and any other involved jurisdiction.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The checklist asks for highly sensitive personal and legal records such as identity documents, passports, criminal-record statements, and litigation data, but provides no guidance on minimization, lawful basis, storage, retention, access control, or redaction. In a cross-border gold-trade due diligence context, these documents are especially attractive targets and mishandling could create privacy violations, insider abuse, or regulatory exposure.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The document directs cross-border verification of supplier, mining-rights, and related business data with foreign authorities and third parties, but does not warn about privacy, data-transfer restrictions, confidentiality duties, or jurisdiction-specific compliance obligations. Because the skill is designed for Laos/Southeast Asia to Hong Kong cross-border transactions, the operational context makes ungoverned international data sharing more likely and increases legal and security risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal