Investor Education Workflow

Security checks across malware telemetry and agentic risk

Overview

The skill appears to support investor-education content workflows, but it under-defines safeguards for storing customer-derived data and publishing or pushing content externally.

Review before installing. Use this only in an environment where customer-derived records are sanitized, retention is governed, and every WeChat publication or customer push requires human approval. Do not let it ingest raw customer conversations, account details, complaints, or suitability information unless your organization has explicit consent, compliance approval, and deletion controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence: 95%
Finding
The workflow explicitly instructs the agent to write generated content, customer feedback, and usage information back into persistent knowledge-base files, but does not require explicit user consent or a warning before modifying stored data. In an agent environment with Write/Exec/Bash permissions, this can lead to silent file modification, unintended persistence of sensitive material, and poisoning of future outputs through unreviewed self-written knowledge.

Missing User Warnings

Medium
Confidence: 87%
Finding
The prompt explicitly instructs the workflow to fall back from an internal knowledge base to targeted searches of official external sources, but it provides no disclosure, consent boundary, or handling guidance for external retrieval. In an agent setting, this can lead to unexpected network access, retrieval of untrusted or changing content, and possible transmission of user context to third-party sources without the user's awareness.

Missing User Warnings

Medium
Confidence: 93%
Finding
The prompt explicitly routes generated content to 'expression-layer (writes + wechat)' and says to publish it to a public WeChat account, but it does not require a user confirmation step, disclosure that content will be sent to an external platform, or a check for sensitive data in the generated material. In an agent workflow, automatic external posting increases the risk of unintended disclosure, accidental publication, or user surprise, especially if source material or drafts contain confidential or regulated information.

Missing User Warnings

Medium
Confidence: 93%
Finding
The document explicitly includes 'internal customer Q&A records' as raw source material for the knowledge base, but provides no constraints around de-identification, lawful basis, access control, retention, or exclusion of sensitive personal/financial data. In an investor-education workflow, those records may contain PII, account details, complaints, or suitability-related information, so ingesting them into a persistent wiki materially increases privacy and compliance risk.

Missing User Warnings

Medium
Confidence: 87%
Finding
The workflow proposes pushing knowledge-base content to 'all related customers' without describing consent, audience-governance, profiling limits, unsubscribe controls, or safeguards against using customer behavior/history inappropriately for targeting. In a financial-services context, this can lead to unauthorized outreach, misuse of customer data, and regulatory issues if educational content is distributed based on inferred attributes without proper controls.

Ssd 3

Medium
Confidence: 96%
Finding
The skill directs storage of customer Q&A, feedback, and usage-frequency metadata in a persistent knowledge base without data-minimization rules, sensitivity screening, retention limits, or redaction requirements. In this context, user prompts may contain personal, financial, or regulated information, so indiscriminate retention increases privacy risk and may expose sensitive data to later readers or downstream tools.

VirusTotal

63/63 vendors flagged this skill as clean.