Fund Operation Workflow

Security checks across malware telemetry and agentic risk

Overview

The core skill is a prompt-only fund-operations workflow, but it also includes an off-platform WeChat/Feishu user-acquisition and tracking funnel that collects contact and company details without adequate privacy boundaries.

Review before installing. The prompt workflow itself appears non-executable and generally coherent, but skip the WeChat/Feishu/GitHub registration flows unless you trust the publisher and understand how your contact, company, and usage data will be stored and used. Do not post employer-confidential or personal contact information in public GitHub issues, and verify any remote install script before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Findings (19)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The README includes usage tracking, registration incentives, and external join/contact flows that are not necessary for the skill's stated purpose of building a fund-operations workflow. This creates an unnecessary data-collection and off-platform redirection surface, which can pressure users to disclose contact details or engage with unvetted external channels.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The documentation actively encourages users to register via WeChat, Feishu, GitHub Issues, and consultation channels unrelated to the operational-planning function. In a security review context, this is dangerous because it expands the trust boundary, enables collection of user identifiers, and can be used for phishing, profiling, or unauthorized marketing under the guise of using the skill.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The document adds user registration, promotional incentives, contact capture, and follow-up channels that are not necessary to the skill's stated purpose of building a fund-operations workflow. This expands the skill from workflow assistance into lead generation and user-data collection, creating unnecessary privacy, trust, and social-engineering risk for users interacting with the skill.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The Feishu registration flow explicitly requests company, role, usage scenario, frequency, ratings, and suggestions, which are not justified by the workflow-construction function of the skill. Collecting this information enables profiling and follow-up contact without demonstrating necessity or informed consent, increasing privacy and misuse risk.

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The file's actual behavior is a WeChat acquisition, incentive, and user-tracking funnel, which materially differs from the manifest's described purpose of building fund-operation workflows. This mismatch is dangerous because users and host systems may grant trust and permissions based on the declared purpose while the skill instead drives off-platform contact, data capture, and marketing operations.

Context-Inappropriate Capability

High
Confidence: 97%
Finding
The tables define collection of personal and contact data such as WeChat ID, nickname, company type, role, contact details, usage patterns, and follow-up status, none of which is necessary for a workflow-design skill to function. Excessive data collection increases privacy, compliance, and misuse risk, especially when tied to tracking, profiling, and ongoing outreach.

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The incentive structure uses rewards, referrals, social sharing, and gated benefits to drive promotion and deeper engagement unrelated to the declared workflow-construction purpose. While not inherently exploit code, it repurposes the skill as a growth-hacking funnel and can pressure users into disclosure or promotional actions under misleading expectations.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger examples use broad natural-language phrases such as asking for help to build a fund-related workflow, without clear boundaries, exclusions, or confirmation steps. In an agent skill, this can cause over-broad invocation in sensitive financial/business contexts, increasing the chance the skill is applied to regulated decision-making, operational planning, or adjacent requests the user did not explicitly intend.

Vague Triggers

Medium
Confidence: 91%
Finding
The activation conditions are ambiguous and do not define clear boundaries for when the skill should abstain, making invocation unpredictable. In an agent environment, this can lead to misrouting, unexpected insertion of MBTI/compliance workflow scaffolding into unrelated tasks, and reduced user control over tool selection.

Vague Triggers

Medium
Confidence: 91%
Finding
The activation conditions are ambiguous and do not define clear boundaries for when the skill should abstain, making invocation unpredictable. In an agent environment, this can lead to misrouting, unexpected insertion of MBTI/compliance workflow scaffolding into unrelated tasks, and reduced user control over tool selection.

Missing User Warnings

Medium
Confidence: 96%
Finding
The registration section encourages users to submit information in exchange for benefits, but it does not provide a clear privacy/data-use notice explaining collection scope, storage, sharing, retention, or user rights. Users may disclose personal or employer-related information under incentive pressure without understanding how that data will be used.

Missing User Warnings

High
Confidence: 99%
Finding
The GitHub Issue registration path invites users to post company type, role, use case, time savings, and possibly contact details, but does not warn that GitHub Issues are public by default. This can cause accidental public disclosure of personal, professional, or commercially sensitive information that may later be indexed, scraped, or abused.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger phrase "运营工作流" is broad and likely to match ordinary conversation outside the intended narrow context. Overbroad triggers can cause unintended activation of the funnel, automatic replies, and redirection into data-collection or installation flows without clear user intent.

Vague Triggers

High
Confidence: 96%
Finding
Single-digit triggers like "1", "2", "3", and "4" are highly collision-prone and can be invoked accidentally in normal chat. In this context, accidental activation can send install instructions, booking flows, or group-enrollment prompts that move users into off-platform interactions and data-sharing workflows they did not clearly request.

Missing User Warnings

High
Confidence: 95%
Finding
The flow requests users to add WeChat, submit a registration form, and receive follow-up benefits, but provides no visible privacy notice, data-use explanation, retention policy, or consent language. This creates legal and security exposure because users are funneled into sharing personal information without informed understanding of how it will be stored, used, or shared.

Ssd 3

Medium
Confidence: 93%
Finding
The document operationalizes ongoing tracking of individuals across registration, tasks completed, feedback, referrals, rewards, and satisfaction, creating a lightweight CRM profile. Persistent behavioral tracking increases the blast radius of misuse, especially when combined with identifiers and incentives that encourage deeper participation.

Ssd 4

Medium
Confidence: 86%
Finding
The multi-step funnel is designed to progressively build trust and move users from content consumption to WeChat contact, downloads, registration, feedback, and ongoing operations. In security terms, this increases risk because the skill context is being used to shepherd users into broader data-sharing and off-platform engagement not obviously required for the stated functionality.

External Script Fetching

High
Category: Supply Chain
Content
[Method 1: OpenClaw + ClawHub (recommended)]

Step 1: Install OpenClaw
curl -fsSL https://openclaw.ai/install.sh | bash

Step 2: Install the skill
clawhub install fund-operation-workflow
Confidence: 99%
Finding
curl -fsSL https://openclaw.ai/install.sh | bash

Chaining Abuse

High
Category: Tool Misuse
Content
[Method 1: OpenClaw + ClawHub (recommended)]

Step 1: Install OpenClaw
curl -fsSL https://openclaw.ai/install.sh | bash

Step 2: Install the skill
clawhub install fund-operation-workflow
Confidence: 99%
Finding
| bash

VirusTotal

63/63 vendors flagged this skill as clean.
