ClawHub

Us Stock Analysis Litiao

Security checks across malware telemetry and agentic risk

Overview

This stock-analysis skill is coherent and instruction-only, but its investment-style recommendations should be treated as informational research rather than financial advice.

Before installing, make sure you are comfortable using a Tavily API key or web search for market research. Treat generated ratings, target prices, stop-losses, and position sizing as educational analysis that may be wrong or stale; verify data independently and consult a licensed financial professional before making real investment decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to generate investment recommendations, including Buy/Hold/Sell ratings, target prices, and entry strategies, but provides no financial-risk disclaimer, suitability caveat, or requirement to frame outputs as informational only. This can cause users to rely on personalized-seeming financial guidance for real money decisions, increasing legal/compliance and user-harm risk even if the analysis is well-intentioned.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The template explicitly structures outputs to deliver Buy/Hold/Sell recommendations, target prices, position sizing, stop-losses, and alternative investments, but it contains no user-facing disclaimer that the content is informational and not personalized financial advice. In a stock-analysis skill, this increases the chance users treat model-generated output as actionable investment guidance, which can lead to financial harm, suitability issues, and compliance exposure.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal