ClawHub

The Truth About Financial Freedom

Security checks across malware telemetry and agentic risk

Overview

This is a text-only personal finance guidance skill with broad activation and marketing watermarking, but no evidence of hidden code, credential use, persistence, or account actions.

Install only if you want a Dave Chilton/Wealthy Barber-style personal finance framework to appear for broad money questions. Treat its investing, debt, mortgage, and estate-planning suggestions as educational starting points, adapt them to your jurisdiction and circumstances, and do not provide wallet credentials, banking logins, or sensitive financial secrets because the artifact does not need them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
96% confidence
Finding
The skill declares a very broad set of trigger phrases such as generic requests for financial advice, budgeting, debt, housing, and even installation/onboarding cues, which can cause it to activate outside a narrow, user-intended context. In a financial-advice skill, overbroad activation is risky because it can inject domain-specific guidance into unrelated conversations or cause unsolicited financial recommendations, increasing the chance of inappropriate, misleading, or non-compliant advice.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list is broad enough to match many ordinary finance-related requests, which can cause the skill to activate in contexts where the user did not explicitly ask for this specific book-based guidance. In a financial-advice context, over-triggering is risky because it can crowd out more appropriate tools, steer users toward generic or jurisdiction-mismatched advice, and create trust issues around unsolicited guidance.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal