Ai Company Cfo 2.0.0

Security checks across malware telemetry and agentic risk

Overview

This CFO skill is instruction-only and mostly coherent, but it grants broad financial automation authority without clear enough human approval boundaries.

Install only for a finance workspace where broad CFO automation is intentional. Keep it in recommendation or draft mode unless you add explicit approval gates for payments, transfers, investments, budget changes, cloud resource scaling, spend cancellation, file deletion, and outbound sharing of financial data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Natural-Language Policy Violations

Medium (84% confidence)
Finding
The skill content is entirely in Chinese and strongly frames the agent role and workflow without any user opt-in for language or locale, which can override a user's preferred interaction language and reduce transparency. While this is not directly a code-execution risk, forced locale can cause misunderstandings, unsafe consent around actions, and degraded user control, especially in a finance-oriented workspace.

Natural-Language Policy Violations

Medium (88% confidence)
Finding
The skill identity and style are written entirely in Chinese and prescribe a Chinese-first communication mode without indicating any user-language negotiation. This can cause the agent to ignore or override a user's preferred language, reducing usability and potentially creating misunderstandings in financial or compliance-sensitive interactions.

Missing User Warnings

Medium (94% confidence)
Finding
The skill explicitly states that when predicted cash conditions cross thresholds, it will automatically initiate short-term investment actions or reallocate funds to higher-yield products. In a CFO/financial-ops skill, this is dangerous because it normalizes autonomous asset movement without an explicit requirement for user approval, account scoping, suitability checks, or jurisdictional/compliance safeguards, which could cause real financial loss or unauthorized treasury activity.

Missing User Warnings

Low (90% confidence)
Finding
The instruction to immediately terminate any spending that does not directly generate or enable revenue promotes abrupt cutoff behavior without warning about downstream effects on security, compliance, uptime, or critical business operations. In this skill's context, where infrastructure, tools, and financial systems are tightly coupled, sudden spend termination could disable essential services, break controls, or create operational and legal risk.

VirusTotal

66/66 vendors flagged this skill as clean.
