Trader Simulator

Security checks across malware telemetry and agentic risk

Overview

This trading simulator is not clearly malicious, but it can automatically use broad web/social tools and set stock-monitor alerts without clear confirmation.

Review before installing. Use it only if you are comfortable with financial-data dependencies, web/social lookups, and stock-monitor integration. Require explicit confirmation before any browser/social search, alert/watchlist/monitor setup, or new persona creation, and treat all retrieved social content and investment suggestions as untrusted educational material rather than financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch

Severity: Medium
Confidence: 86%
Finding:
The skill is presented as a stock-trading simulator, but later expands into broad browser, search, and social-media collection workflows. This scope expansion can cause users or orchestrators to grant tool access under a narrower trust model than the skill actually expects, increasing the risk of overbroad data retrieval and unintended external actions.

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding:
Claiming the ability to inspect Xiaohongshu, Douyin, and YouTube extends the skill into cross-platform content surveillance that is not clearly necessary for a trading simulator. That increases privacy, compliance, and prompt-injection exposure because untrusted third-party content may be ingested and acted upon during financial analysis.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding:
Broad trigger phrases such as generic discussion requests can collide with ordinary conversation and unintentionally activate the skill. In an agent environment with tool access, accidental activation can lead to unplanned searches, data pulls, or monitoring actions without clear user intent.

Vague Triggers

Severity: Medium
Confidence: 85%
Finding:
The listed invocation phrases are highly generic and overlap with common financial chat, making accidental or ambiguous activation likely. This is especially risky here because the skill can fan out into multiple tools and personas once triggered.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding:
Automatic tool-call scenarios are keyed off everyday wording like 'search' or 'check news,' which can cause silent escalation from conversation into external browsing or platform querying. Because the content sources are untrusted, this also raises downstream prompt-injection and privacy risks once auto-invocation occurs.

VirusTotal

65/65 vendors flagged this skill as clean.