Chief Operating Officer: Working with the Bank

Security checks across malware telemetry and agentic risk

Overview

This banking assistant is mostly a demo-data instruction skill, but it can misleadingly present embedded account data as if it came from a bank API.

Review before installing. The skill appears to be a demo banking-operations assistant, not malware, but users should not rely on it as live bank data unless the assistant clearly performs a real bank lookup. It should be changed to disclose embedded/demo data every time account status is reported, avoid simulated API language, and ask a clarifying question for vague prompts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium (92% confidence)
Finding
The skill says account responses must be based strictly on embedded data, but also allows the agent to 'imitate' a bank API call. That creates a deception and provenance risk: users may believe data was retrieved from a live banking system when it was not, which is especially dangerous in a banking context where operational decisions depend on data freshness and source authenticity.

Vague Triggers

Medium (84% confidence)
Finding
The activation guidance includes very broad, everyday phrases such as general questions about whether everything is fine with the account or what is happening with the bank. This can cause the skill to trigger on ambiguous user messages and surface sensitive financial summaries or banking guidance when the user did not clearly request this specialized behavior.

Vague Triggers

Medium (86% confidence)
Finding
The supported-topics section expands activation to vague colloquial prompts without clear boundaries, increasing the chance of unintended skill routing. In this skill's context, accidental activation is more serious because the content concerns bank account restrictions, payments, and operational recommendations that users may treat as authoritative financial status information.

VirusTotal

64/64 vendors flagged this skill as clean.
