ClawHub
Back to skill

Security audit

Great People Hedge Fund

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only stock analysis skill that gives investment-style signals, so it should be treated as research rather than financial advice.

Install only if you are comfortable using an LLM key and optional market-data network access. Treat generated signals, position sizes, and entry strategies as informational research, not personalized financial advice, and independently verify data before making investment decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly promises to analyze stocks and generate actionable investment signals, but it does not include any disclaimer that outputs may be inaccurate, incomplete, stale, or not suitable as financial advice. In a finance context, users may reasonably rely on these recommendations for real trades, increasing the chance of financial harm from hallucinated analysis, outdated market data, or overconfident signals.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly produces actionable outputs such as BUY/SELL signals, position sizing, entry strategy, and portfolio allocation without any user-facing disclaimer or safety boundary. This can mislead users into treating the output as personalized financial advice, increasing the risk of harmful financial decisions and downstream compliance or trust issues.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.