ClawHub
Back to skill

Security audit

Options Payoff

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only options payoff chart helper with broad triggers, but it does not show hidden access, persistence, credential use, or data exfiltration.

Safe to install for options payoff visualization, but review any generated chart before relying on it. Broker screenshots may contain sensitive account or position details, and missing strikes, premiums, expiry, spot price, or volatility may be defaulted rather than confirmed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger rules are intentionally expansive and include common finance phrases, partial information, and broker screenshots, which increases the chance of invoking the skill when the user did not clearly request payoff visualization. In an agent environment, over-broad auto-triggering can cause unintended processing of user inputs, misroute tasks, and expose screenshots or trading details to a skill unnecessarily.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger rules are intentionally expansive ('always use this skill' for many common options-related mentions, screenshots, or partial information), which can cause the skill to activate when the user is only discussing options conceptually rather than asking for payoff visualization. This can lead to inappropriate tool/widget invocation, incorrect assumptions from defaulted financial parameters, and degraded agent behavior in a finance context where precision matters.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.