FinTech Risk Control Expert

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only financial risk modeling helper with no hidden execution, credential access, persistence, or account-changing authority.

Install only if you want Chinese-language guidance for financial risk modeling. Do not treat its scorecard thresholds or generated rules as automated credit-decision authority; use authorized data, protect sensitive financial information, and have qualified review before operational use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger keywords are broad financial/analytics terms such as 风控、决策树、特征工程 and 评分卡 without clear inclusion or exclusion criteria, so the skill may activate for generic data science or finance requests outside its intended scope. This can cause inappropriate routing of user tasks into a high-impact financial-risk workflow, increasing the chance of unsuitable modeling guidance or misuse in sensitive credit/risk decisions.

Natural-Language Policy Violations

Medium
Confidence: 80%
Finding
The skill metadata and content are written as Chinese-only and do not state whether responses should adapt to the user's language, creating a risk of language mismatch. In a financial-risk context, misunderstanding model assumptions, thresholds, or compliance-sensitive guidance due to forced language output can degrade safety and correctness, though this is primarily a usability and operational control issue rather than a direct exploit primitive.

VirusTotal

VirusTotal findings are pending for this skill version.
