ClawHub
Back to skill

Security audit

Xiaoxin Cc Training

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only short-term stock-trading education skill with no code or privileged access, but its tactics should be treated as risky educational material, not financial advice.

Install only if you want general educational content about speculative A-share short-term trading. Do not treat its buy/sell cues or risk rules as personalized financial advice, and consider adding or expecting clear disclaimers before using it for real trading decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill gives specific, actionable trading tactics, entry cues, and risk rules without any warning that the material is educational only, may be unsuitable for many users, and can lead to substantial financial loss. Because the content is framed as practical guidance rather than general information, users may treat it as personalized or safe-to-follow advice and take risky market actions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.