a-stock-position-management

Security checks across malware telemetry and agentic risk

Overview

This is a simple instruction-only stock position-management guide, with financial-risk caveats but no account access, automation, or hidden behavior.

Install only if you want general A-share position-management heuristics. Do not treat its percentages as personalized investment advice; consider your risk tolerance, time horizon, capital constraints, and local regulations before acting on any output.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium
Confidence: 91%
Finding:
The trigger phrases are short, generic user questions about market positioning and adding or reducing exposure, which creates a realistic risk of unintended invocation in normal conversation. In a financial-decision skill, accidental activation is more dangerous because it may cause the agent to provide trading guidance without sufficient context, suitability checks, or explicit user consent.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The skill provides concrete position-sizing and trading-allocation rules but contains no warning that the output is not financial advice, may be incomplete, and can lead to monetary loss. This is especially risky in the skill's context because the content is explicitly designed for A-share position control, so users may reasonably rely on it for real-money decisions.

VirusTotal

66/66 vendors flagged this skill as clean.
