ClawHub

Financial Investment Banking

Security checks across malware telemetry and agentic risk

Overview

This skill provides investment-banking workflow guidance and deck-building help, with limited local file/tool use that fits its stated purpose.

Install if you want investment-banking drafting and presentation workflows. Be aware that some presentation features may inspect local skill/template names and may invoke LibreOffice to convert slides for review; use trusted source documents and templates, and avoid granting broad filesystem access beyond the files needed for the task.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to run a shell command (`ls skills/ | grep ...`) to enumerate local directories in order to discover template skills. That exceeds the core investment-banking business function and creates unnecessary local system access, which can expose environment structure, leak installed assets, and normalize command execution from skill content. In an adversarial or multi-tenant environment, even simple enumeration can reveal sensitive internal naming and become a stepping stone for broader abuse.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The strip-profile workflow mandates subprocess-style invocation of LibreOffice (`soffice --headless --convert-to pdf`) for document conversion and validation. External process execution is not inherently required for producing investment-banking content and expands the attack surface through shelling out to local binaries, file handling, and possible parsing of untrusted documents. This is especially risky where the agent may process user-supplied presentations or templates.

Missing User Warnings

Low
Confidence
81% confidence
Finding
The markdown directs the agent to inspect local skill directories via shell commands without clearly warning the user that local system access will occur. Even if the command is limited, undisclosed local inspection weakens transparency and consent, and in combination with other agent capabilities could expose local configuration, installed skills, or internal file naming conventions.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal