financial-report-analyzer

Security checks across malware telemetry and agentic risk

Overview

This skill is a local financial-report PDF analyzer; its main risks are ordinary local output persistence and overconfident investment-style report language, not hidden or malicious behavior.

Install only if you are comfortable running local Python scripts on financial PDFs you provide. Use a dedicated folder, avoid confidential non-public reports unless local plaintext outputs are acceptable, delete generated JSON/TXT/chart/report files when finished, and treat any investment rating or recommendation language as non-professional analysis that requires independent verification.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The template explicitly directs the agent to produce an investment rating and recommendation for an individual stock, which goes beyond neutral financial data extraction and analysis into personalized or prescriptive financial advice. In the context of a financial-report analyzer, this increases the risk of ungrounded, misleading, or compliance-sensitive output that users may rely on for real investment decisions despite the disclaimer.

Description-Behavior Mismatch

Medium
Confidence: 97%
Finding
This section specifically asks for 'investment advice' and 'suitable investor type,' which materially expands the skill from document analysis into actionable financial guidance. That is dangerous because it can create suitability-style recommendations without knowing the user's risk tolerance, jurisdiction, or regulatory constraints, making harmful reliance more likely.

Vague Triggers

Medium
Confidence: 89%
Finding
The example trigger phrase “帮我分析这份PDF财报” (“Help me analyze this PDF financial report”) is broad enough that it could activate on generic user requests without clearly constraining invocation to this specific skill context. In an agent ecosystem, overly generic triggers can cause unintended routing, leading the skill to process documents or financial-analysis requests when the user did not explicitly intend to invoke it.

Vague Triggers

Medium
Confidence: 84%
Finding
The comparison example “对比这两家公司的财务状况” (“Compare the financial condition of these two companies”) is ambiguous because it lacks constraints tying the request to uploaded financial reports or to the skill’s supported analysis scope. This can cause accidental invocation on ordinary business comparisons, potentially exposing unrelated documents to parsing workflows or producing financial-analysis outputs in the wrong context.

Missing User Warnings

Medium
Confidence: 87%
Finding
The script writes full extracted PDF text and table contents to disk by default without warning or consent, which can expose sensitive financial, personal, or proprietary data to other local users, backups, logs, or downstream processes. In the context of financial-report processing, documents may contain non-public or confidential information, making silent persistence materially riskier.

VirusTotal

64/64 vendors flagged this skill as clean.
