Security audit

Revelata DeepKPI Financial Analysis Agent

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed finance research skill that uses Revelata deepKPI APIs and can create report files, with no evidence of hidden, destructive, or unrelated behavior.

Install this only if you intend to use Revelata deepKPI and trust the publisher with your research queries. Use a dedicated API key if possible, monitor credit usage, and avoid uploading sensitive analyst reports unless you are comfortable with the workflow creating local HTML outputs and sending related company/KPI queries to Revelata.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (11)

Vague Triggers

Severity: Medium
Confidence: 85%
Finding:
The manifest description contains broad trigger phrases such as general investment and research requests (e.g. 'what should I invest in?', 'interesting companies', peers, benchmarks, summaries) that can cause the skill to activate for loosely related prompts outside a narrowly bounded financial-data workflow. Over-broad invocation increases the chance the wrong skill handles a user request, leading to unintended access to external APIs, disclosure of proprietary outputs, or policy bypass through misrouting.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding:
The trigger phrases include broad terms like "critically analyze," "fact-check," "challenge," and PDF upload + request for a second opinion, which can match many ordinary user requests beyond the narrow intended use case. This can cause unintended invocation of a high-action skill that reads uploaded reports, pulls external data, and generates files, increasing the chance of surprising behavior and over-collection/processing.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding:
The markdown trigger section repeats ambiguous activation rules using generic phrases such as "critical analysis," "counterpoints," and "second opinion" for a sell-side PDF. Repetition of broad conditions without hard boundaries makes accidental triggering more likely and can route unrelated documents into a workflow that performs external lookups and automatic artifact generation.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill directs the agent to automatically build and save an HTML report without warning or confirmation. Automatic file creation is a side effect that may surprise users, create unwanted artifacts containing sensitive uploaded-report content, and reduce opportunities for the user to choose a safer or simpler output format.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding:
The eval prompt explicitly says the skill should recognize a broad, paraphrased request ('critically analyze the key arguments and pull actual SEC data') as a pressure-test invocation even without the exact trigger phrase. That broad activation language can cause the skill to fire on loosely related analyst-review tasks, increasing the chance of unintended tool use, misrouting, or processing sensitive uploaded documents when the user did not intend to invoke this specific workflow.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The skill instructs the agent to send user-supplied company queries and other request parameters to an external Revelata API using an API key, but it does not warn that prompts and identifiers will leave the local environment. This creates a real data-transmission risk because users may provide sensitive research context or proprietary company lists without understanding they are being sent to a third party.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding:
The trigger criteria are intentionally broad and designed to activate on generic phrases like 'what's interesting right now?' or observations from everyday life. In an agentic environment, this can cause over-triggering, intercept unrelated conversations, and route users into a finance-oriented workflow they did not intend, increasing the chance of inappropriate data collection, misrouting, or policy violations around financial guidance.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding:
The template explicitly instructs users to use a curl-based install flow for an external script, but it provides no warning about reviewing the script, pinning versions, or verifying integrity before execution. That creates a supply-chain risk: if the remote script or hosting path is compromised, users may execute arbitrary code on their machines.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
The skill defines very broad trigger phrases such as general modeling and research language, which can cause the skill to activate in situations the user did not clearly intend. In a credentialed data-access skill, overbroad invocation increases the chance of unnecessary external API calls, unintended data retrieval, and routing the conversation away from a more appropriate skill.

Missing User Warnings

Severity: Low
Confidence: 82%
Finding:
The skill instructs the agent to use a credentialed REST API via $DEEPKPI_API_KEY and make outbound network requests, but it does not require transparent user notice or consent before doing so. That creates a privacy and operational risk because the user may not realize their query is being sent to an external service using privileged credentials.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
The trigger list includes broad natural-language phrases such as “what did they say,” “MD&A,” and “risk factors,” which can match many ordinary finance or research requests that do not clearly require this specific skill. Overbroad invocation can cause the agent to route users into a costly SEC-filing retrieval workflow unnecessarily, increasing the chance of unintended tool use, excess credit spend, and disclosure of large filing text when a narrower answer would suffice.

VirusTotal

63/63 vendors flagged this skill as clean.
Static analysis

No suspicious patterns detected.