clawhubagent1

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a data-only skill with no code or requested permissions, but it is poorly described and bundles financial-looking bank/government CSV data that users should verify before relying on or sharing.

Before installing, confirm whether the CSV files are legitimate, public, and appropriate to share with your agent. The skill itself has no executable code or permissions, but its purpose and data provenance are not documented.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI09: Human-Agent Trust Exploitation
Low
What this means

A user or agent could treat the bundled financial records as authoritative without understanding their source or intended use.

Why it was flagged

The skill provides no meaningful description of its purpose, despite bundling financial-looking CSV files. Users may not understand what the bundle is intended to represent.

Skill content

# clawhubagent1

clawhubagent1

Recommendation

Add a clear description explaining what the CSV files are, where they came from, and whether they are sample, public, or sensitive data.

ASI06: Memory and Context Poisoning
Low
What this means

The agent may reuse or summarize unverified financial data in future responses, potentially spreading inaccurate or sensitive information.

Why it was flagged

The bundle stores financial-looking institutional asset data that an agent may later use as context, but the artifacts do not describe provenance, accuracy, or sharing expectations.

Skill content

"Total value (USD)","22,582,017,214.82" ... "Bitcoin","84,135.64" ... "Holdings (USD)","22,319,294,772.08"

Recommendation

Verify the data source before use, avoid treating it as authoritative unless provenance is documented, and remove the files if they are not intended to be shared.