Financial Feminist

Security checks across malware telemetry and agentic risk

Overview

This is a content-only personal finance skill with disclosed framing and no executable code, account access, credential handling, or persistence.

Install only if you want a Financial Feminist-style personal finance coach. Expect women-focused framing, a Heardly watermark, and possible activation on broad finance questions; do not rely on it as a substitute for professional financial advice for investing, taxes, debt settlement, or complex personal circumstances.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 95%
Finding
The trigger list is overly broad and includes generic personal-finance phrases such as budgeting, debt payoff, investing, and salary negotiation that many unrelated user requests could match. This can cause unintended skill invocation, leading the agent to force this skill's framing, proactive onboarding, and mandatory output format into conversations where it is not appropriate, reducing reliability and potentially crowding out safer or more relevant guidance.

Natural-Language Policy Violations

Medium
Confidence: 89%
Finding
The content explicitly frames financial advice around women-specific circumstances without offering users a choice of framing or clarifying that the guidance is tailored to a particular audience. In a general-purpose agent skill, this can lead to exclusionary or biased outputs, misalignment with users outside the target demographic, and overgeneralized claims about gender that may not apply universally.

VirusTotal

64/64 vendors flagged this skill as clean.
