ClawHub

Valuation Comps

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only business valuation guidance skill with no executable code, credential access, persistence, or hidden system authority.

Before installing, treat this as valuation planning support rather than certified financial, tax, audit, or legal advice. Users should verify market multiples and source data independently, avoid sharing unnecessary confidential company details, and use qualified professionals for formal 409A, tax filings, fairness opinions, or investor-critical valuation work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger phrase at this line is broad enough to match ordinary user requests that are not clearly asking to invoke this specific valuation skill. Overly generic activation phrases can cause unintended routing, making the agent surface finance-specific guidance in contexts where it was not requested and increasing the risk of incorrect, context-inappropriate, or manipulative outputs in valuation-sensitive workflows.

Vague Triggers

Medium
Confidence
84% confidence
Finding
This trigger phrase is vague and likely to collide with common assistant requests, which can lead to accidental invocation of the valuation skill. In a financial advisory context, unintended activation is more dangerous because the skill can produce investor-facing valuation narratives and ranges that may be inappropriately applied to decisions like fundraising or acquisition discussions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal