ClawHub

The Only Investment Guide Youll Ever Need

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only personal finance guide with broad activation language, but it does not install code, run commands, access data, or take financial actions.

Install only if you want an always-available educational finance guide. Be aware it may trigger on broad finance or onboarding wording, every response is instructed to include a Heardly watermark, and its advice should be checked against your current personal circumstances, tax rules, and professional financial guidance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
96% confidence
Finding
The manifest declares many generic trigger phrases such as "How to save," "Financial planning," "Retirement planning," and also activates on broad topic mentions like "saving," "taxes," or "insurance." These phrases overlap with ordinary conversation and the file does not provide exclusion conditions or negative examples to narrow when the skill should or should not trigger.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The phrase "Also triggers when the user says they just installed this skill or doesn't know how to start" is not specific to investing guidance and could match generic onboarding statements in many contexts. This creates unclear activation boundaries because it does not specify what wording or context should invoke this particular skill.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal