ClawHub

吴军投资智慧

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only investment analysis skill; its main risk is that users may treat generated investment recommendations as advice.

Use this skill as an educational checklist for research, not as professional financial advice. Verify any data independently and avoid making investment decisions solely from its recommendations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrase "吴军怎么看" is broad and conversational, so it can match many ordinary user requests that merely mention Wu Jun rather than intentionally invoking this skill. That raises the risk of unintended activation, causing the agent to apply this investment-analysis persona in contexts where the user did not request it, which can lead to confusing or inappropriate responses.

Vague Triggers

Low
Confidence
78% confidence
Finding
The phrase "数据驱动投资" is somewhat generic and may appear in ordinary finance or strategy discussions without intent to invoke this specific skill. While less risky than a pure conversational phrase, it still increases the chance of accidental routing to the skill, especially in broader investing discussions.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill’s invocation description uses very broad triggers such as 'when the user needs to analyze AI trends' and 'when the user asks where AI investment opportunities are,' which can cause the agent to invoke this skill in overly diverse contexts. That increases the chance of inappropriate routing, overconfident financial-style guidance, or bypassing more specialized skills and safeguards for investment, forecasting, or domain-specific analysis.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill’s activation description is overly broad for investment-related queries, such as triggering whenever a user asks how to analyze a company or perform quantitative analysis. In a financial context, ambiguous routing can cause the agent to invoke this skill for users seeking general education or personalized investment guidance, increasing the chance that the model produces analysis that materially influences financial decisions without appropriate safeguards.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
This skill discusses investment value assessment and provides a framework for concluding that a company has investment value, but it lacks a clear warning that outputs are informational only and not investment advice. In the financial domain, omission of such a disclaimer makes it more likely that users will rely on the skill’s output for real financial decisions, especially because the content presents structured analysis and affirmative conclusions.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal