investment-advisor

Security checks across malware telemetry and agentic risk

Overview

This is a coherent stock-analysis skill with disclosed local scripts and finance API calls, and I found no evidence of hidden persistence, credential use, destructive actions, or data theft.

Install only if you are comfortable running a local Node.js script that sends requested stock symbols or portfolio ticker lists to finance/news APIs. Avoid entering sensitive portfolio details beyond the symbols needed, and treat generated buy/sell and position-size outputs as research support rather than personalized financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence: 91%
Finding
The document instructs use of an internal gateway endpoint (`https://internal-api.z.ai`) for finance queries without any warning that user-supplied symbols or search terms will be transmitted to an internal service. In an agent skill, this can cause silent data egress of user inputs and encourages direct backend access patterns without consent, scoping, or privacy guidance. The investment-advisor context increases risk because users may submit sensitive portfolio holdings, watchlists, or proprietary research terms.

Vague Triggers

Medium
Confidence: 92%
Finding
The skill description declares itself the default or first-choice tool for essentially all investment-analysis requests, which creates overbroad activation scope. In an agent environment, this can cause the skill to be invoked for loosely related financial queries without clear user consent or routing boundaries, increasing the chance of inappropriate financial guidance or unnecessary execution of external-data scripts.

Vague Triggers

Low
Confidence: 84%
Finding
The examples map broad natural-language requests directly to command execution, but do not define activation guardrails, ambiguity handling, or user confirmation for potentially high-stakes financial analysis. This can encourage automatic triggering from casual phrasing and blur the boundary between informational discussion and decision-support actions.

VirusTotal

66/66 vendors flagged this skill as clean.
