accounting-and-finance

Security checks across malware telemetry and agentic risk

Overview

This is not malware, but it needs review because it can generate concrete investment advice and store analysis memory without clear limits.

Install only if you want a Chinese-language finance analysis suite and are prepared to treat its outputs as drafts, not professional financial advice. Verify formulas and assumptions independently, avoid relying on generated buy/sell/target-price guidance without qualified review, and do not allow MEMORY.md writes unless you explicitly approve what will be stored.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (21)

Intent-Code Divergence

Severity: Medium
Confidence: 93%
Finding
The file claims to be for learning/research only, but elsewhere gives a concrete investment recommendation and target price. In a financial-analysis skill, this can mislead downstream agents or users into treating illustrative material as actionable advice, increasing legal/compliance and decision-quality risk.

Intent-Code Divergence

Severity: Low
Confidence: 88%
Finding
The comparison table/commentary contains contradictory entity descriptions, suggesting copy/paste or data-integrity errors. In a valuation skill, such inconsistencies can corrupt analysis outputs, cause agent hallucination anchoring, and undermine trust in the model's financial conclusions.

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding
The skill is scoped and described as a CAPM cost-of-equity calculator, but these lines introduce outputs such as investment recommendations, target price, and broader risk conclusions that are not supported by the CAPM workflow itself. This scope drift can cause downstream agents or users to over-trust the skill as an end-to-end investment-analysis authority, leading to misleading financial decisions and unsafe automation behavior.

Description-Behavior Mismatch

Severity: Medium
Confidence: 90%
Finding
The later sections expand into generic financial analysis, trend comparison, forecasting, and tooling guidance that are outside the declared CAPM purpose. In an agent setting, this kind of overbroad instruction set increases the chance that the skill will be invoked for tasks it is not designed to perform, producing authoritative-sounding but methodologically unsupported outputs.

Intent-Code Divergence

Severity: Medium
Confidence: 94%
Finding
Claiming that a CAPM methodology can produce target prices and buy/hold/sell recommendations is internally inconsistent and can misrepresent the model's capabilities. This is dangerous because users or orchestrating agents may treat a simple discount-rate component as sufficient basis for full investment advice, resulting in materially unsound conclusions.

Intent-Code Divergence

Severity: Medium
Confidence: 98%
Finding
The skill states that it is only for study/research and not investment advice, yet it provides specific target prices, buy ratings, position sizing, holding periods, stop-loss levels, and entry ranges. This contradiction can mislead users and downstream agents about the nature of the content, increasing the risk that regulated or high-stakes financial recommendations are treated as educational material and used without appropriate safeguards.

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding
The supplementary content substantially diverges from the stated purpose of a three-stage DCF valuation skill and shifts into accounting policy, estimate analysis, and unrelated tooling. In an agent setting, this can mislead downstream users or systems into applying the skill to the wrong task, contaminating financial analysis outputs and reducing trust in automated decisions.

Intent-Code Divergence

Severity: Medium
Confidence: 93%
Finding
The file's later sections materially drift from the declared zero-growth DCF scope into generic investing guidance, placeholder formulas, broad industry applicability, and concrete investment recommendations. This inconsistency can cause downstream agents or users to apply the skill outside its intended constraints, producing misleading valuation outputs or inappropriate financial advice under a false sense of model specificity.

Intent-Code Divergence

Severity: Medium
Confidence: 92%
Finding
The skill is presented as an earnings-quality analysis tool, but it later instructs the agent to produce explicit investment conclusions. That expands the skill's scope from descriptive financial analysis into regulated or high-stakes advisory behavior, which can mislead downstream systems or users about what the skill is authorized to do.

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding
The case section includes concrete recommendation fields such as investment advice and target price, despite the skill being framed as an earnings-quality evaluation module. In an agent setting, this can cause unauthorized financial advice generation and over-trust in model output because the advisory behavior is hidden inside an analysis skill.

Intent-Code Divergence

Severity: Medium
Confidence: 97%
Finding
The PEG calculation function documents growth input as a percentage value (e.g. 15 for 15%), but the code multiplies the provided input by 100 and the example passes 0.06. This inconsistent contract can easily cause downstream tools or users to supply the wrong unit, producing materially incorrect valuation outputs and misleading investment analysis.

Intent-Code Divergence

Severity: Low
Confidence: 87%
Finding
The ROE-adjusted PEG logic and its explanatory example are inconsistent: the implemented premium formula yields a different ceiling than the narrative suggests. This is a specification/implementation mismatch that can silently change whether a stock is labeled 'reasonable' or 'overpriced,' undermining trust in the skill's financial recommendations.

Intent-Code Divergence

Severity: Medium
Confidence: 98%
Finding
The peer-comparison function is presented as usable analysis code, but it references inconsistent variable names such as `可比公司ROE_list` versus `可比公司ROE_list`/`可比公司PEG_list`, causing runtime failure or incorrect percentile comparisons. In a financial-analysis skill, broken comparison logic can prevent validation against peers or generate wrong relative-position conclusions that users may rely on.

Intent-Code Divergence

Severity: Medium
Confidence: 96%
Finding
The appendix presents ROIC calculations that materially conflict with earlier examples and with the stated averaging formula, including different average invested capital and ROIC outputs for the same 2023 case. In a financial-analysis skill, such internal inconsistency can mislead downstream users or agents into producing incorrect valuation, EVA, or investment conclusions, so this is a real integrity vulnerability even though it is not classic code execution.

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding
The skill gives conflicting WACC outputs for the same company and timeframe, including materially different debt assumptions, tax rates, capital structures, and final WACC values. In a financial-analysis skill, such inconsistencies can mislead downstream valuation or investment decisions by causing users or agents to rely on an arbitrary result presented as authoritative.

Intent-Code Divergence

Severity: Low
Confidence: 88%
Finding
The document states that market values should be used instead of book values, but later recommends target capital structure or other alternatives in a way that is not clearly framed as a modeling choice. This contradiction can cause inconsistent implementation across users or automated agents, producing biased WACC estimates and unreliable valuations.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The skill's 'Use when' guidance is broad enough to trigger on many ordinary financial-analysis tasks, creating unnecessary over-invocation and increasing the chance the agent applies this workflow when the user did not specifically request audit-report analysis. In a financial analysis pipeline, this can bias downstream decisions, waste context budget, and cause the model to over-weight audit heuristics in situations where other analyses are more appropriate.

Natural-Language Policy Violations

Severity: Medium
Confidence: 88%
Finding
The skill description is written to operate in Chinese without offering language negotiation or documenting that the skill is limited to Chinese-language filings. This can cause the agent to respond in the wrong language or mishandle non-Chinese user requests, reducing usability and potentially introducing interpretation errors in multilingual financial analysis contexts.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding
The skill provides concrete investment-oriented analysis and even '支持买入' ("supports buying") style recommendations before clearly presenting a non-advisory warning, which only appears at the end. In an agent setting, this increases the risk that users treat the output as actionable financial advice without seeing appropriate limitations, suitability caveats, or uncertainty disclosures.

Natural-Language Policy Violations

Severity: Medium
Confidence: 94%
Finding
The skill metadata and content are written entirely in Chinese and do not indicate any mechanism to adapt to the user's preferred language. In an agent setting, forcing a single language can degrade user understanding, obscure important caveats, and increase the chance that downstream outputs are misinterpreted or used without informed review.

Natural-Language Policy Violations

Severity: Medium
Confidence: 97%
Finding
The skill is written entirely in Chinese and prescribes Chinese-language instructions/output without offering any mechanism to adapt to the user's preferred language. In an agent setting, this can override user expectations, reduce transparency, and cause misunderstandings or faulty downstream use when other components or users expect another language.

VirusTotal

65/65 vendors flagged this skill as clean.
