The Little Book of Common Sense Investing: The Only Way to Guarantee Your Fair Share of Stock Market Returns

Security checks across malware telemetry and agentic risk

Overview

This is a text-only investing education skill with no executable code or data access, but users should treat its portfolio guidance as general education rather than personalized financial advice.

Install only if you want a Bogle/index-fund educational assistant. Do not treat its asset-allocation, tax, adviser, or portfolio suggestions as personalized financial, tax, or legal advice; verify decisions against your own circumstances and consult a qualified professional for individualized guidance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger list is extremely broad and includes generic investing terms such as 'Vanguard,' 'Warren Buffett,' 'asset allocation,' and 'doesn't know how to start,' which can cause the skill to activate in many unrelated financial conversations. In a financial context, over-triggering is risky because it can inject unsolicited investment guidance and crowd out more appropriate, contextual, or safety-limited responses.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill gives concrete investing guidance such as portfolio construction, age-based bond allocation, tax minimization, and adviser evaluation without clearly warning that the material is general education rather than personalized financial advice. This is dangerous because users may treat the output as tailored fiduciary guidance despite missing critical suitability factors like age, jurisdiction, risk tolerance, tax situation, and account type.

VirusTotal

64/64 vendors flagged this skill as clean.
