Security audit

Trading Agents多智能体量化交易

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese educational trading guide with no code or account access, but users should treat it as investment education only.

Install only if you can comfortably read Chinese financial guidance. Do not treat the skill as investment advice, and do not provide broker credentials or enable real trading based on it without independent review, simulation testing, and compliance checks for your jurisdiction.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium, 92% confidence
Finding
The trigger examples are broad enough to activate on common investing questions such as 'AI 量化交易怎么做' or '帮我选股', which are generic financial-chat requests rather than an explicit request for this specific skill. Over-broad activation can cause the assistant to enter specialized trading guidance unexpectedly, increasing the chance of unrequested financial advice and inappropriate tool/skill routing in normal conversations.

Natural-Language Policy Violations

Medium, 83% confidence
Finding
The skill content is written entirely in Chinese without a language-choice mechanism or documented locale restriction, which can cause users or downstream systems to misunderstand capabilities, risks, and compliance limitations. In a financial/trading context, language mismatch is more sensitive because misunderstanding strategy guidance, platform recommendations, or compliance notes can lead to user harm or misapplication.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.