ClawHub

李录投资智慧

Security checks across malware telemetry and agentic risk

Overview

This is a text-only investment-analysis skill with clear financial-opinion bias but no code, data access, trading authority, or hidden execution.

Install only if you want an opinionated Li Lu-style investment checklist, especially for China-focused opportunities. Use its output as educational structure, verify all facts and valuations independently, and do not treat generated ratings as personalized financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
85% confidence
Finding
The skill’s activation description is overly broad, including generic conditions like analyzing Chinese investment opportunities, asking about core Chinese assets, or discussing modernization. In an agentic system, ambiguous triggers can cause the skill to activate in situations where the user did not explicitly request this framework, biasing outputs toward a specific investment thesis and reducing user control.

Natural-Language Policy Violations

Medium
Confidence
79% confidence
Finding
The skill is written entirely in Chinese and presents a single locale and framing without indicating that the agent should adapt to the user’s preferred language. This can lead to inappropriate activation or response formatting for users who did not opt into Chinese-language output, causing usability failures and increasing the chance of misunderstood financial guidance.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The activation text is overly broad, including triggers like long-term trend analysis and asking whether something aligns with civilization progress, which can match many ordinary finance discussions. This increases the chance the skill is invoked outside a narrowly intended context, causing unsolicited ideological investment framing and potentially steering user decisions without clear consent.

Natural-Language Policy Violations

Low
Confidence
84% confidence
Finding
The skill presents 'China is the biggest opportunity of the 21st century' as a fixed conclusion rather than a contestable viewpoint. In an investing skill, this can bias outputs toward a country-specific recommendation, reducing balance and potentially misleading users by presenting opinion as universal guidance.

Natural-Language Policy Violations

Low
Confidence
86% confidence
Finding
The closing tagline repeats a universal country-specific investment claim in a slogan-like form, which can anchor the model's responses toward a predetermined conclusion. Because it is concise and emphatic, it is likely to propagate into downstream outputs without proper qualification, undermining neutrality in financial analysis.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal