ClawHub

账务主管和财务总监

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Chinese accounting/CFO assistant with disclosed finance guidance and no executable install behavior, but users should confirm scope before relying on it.

Install this as an advisory checklist and drafting skill, not as an autonomous finance operator. Confirm the applicable jurisdiction and accounting framework before using its advice, avoid storing confidential financial details in memory unless permitted, and do not connect it to ERP, banking, tax, or payment systems without human approval controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
96% confidence
Finding
The trigger set is overly broad and consists of common business terms, so the skill may activate on many unrelated user requests. In an agent environment, unintended invocation can route sensitive business or financial conversations into a specialized workflow the user did not intend, increasing the chance of inappropriate guidance, context leakage, or incorrect automation behavior.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The skill hard-codes Chinese accounting standards and a Chinese compliance context without requiring confirmation that the user's entity, jurisdiction, and reporting basis actually match. This can cause the agent to provide authoritative but inapplicable compliance guidance, which is especially risky in financial reporting where wrong standards can produce material errors.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal