Investment Research OS

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed investment-research prompt skill that fetches public financial data and saves reports, with privacy and financial-advice caveats users should understand.

Install only if you are comfortable with an investment assistant using external financial/web data sources and saving research files locally. Treat outputs as research support, not financial advice, and use explicit prompts or confirmations before running full research on sensitive targets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The prompt explicitly requires every conclusion to be traceable to a source, but the output template repeats summary rows without source links, creating an internal contradiction. In an investment-decision skill, this can cause the model to emit unsupported conclusions that appear authoritative, weakening auditability and increasing the risk of fabricated or unverified claims being used in financial decisions.

Vague Triggers

Medium
Confidence: 79%
Finding
The trigger conditions are broad enough that normal conversation containing generic phrases like '投资分析' ('investment analysis') or '研究XXX' ('research XXX') could activate the skill unexpectedly. In this context, accidental invocation is more dangerous because the skill can initiate external data fetching and write research artifacts to files, creating unintended network access and persistence from an ambiguous user request.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill states that research outputs are written to local files but does not require clear user notice or consent before persisting content. This is dangerous because user prompts, derived analysis, and potentially sensitive financial interests or proprietary targets may be stored unexpectedly, increasing privacy, retention, and cross-session exposure risks.

Vague Triggers

Medium
Confidence: 80%
Finding
The quickstart encourages broad natural-language invocation such as asking to 'research' a company, which can cause the skill to activate unintentionally in ambiguous conversations. In a skill that performs external data gathering and writes output files, accidental invocation can trigger unnecessary network access, data collection, and local artifact generation without clear user intent.

Missing User Warnings

Medium
Confidence: 87%
Finding
The quickstart invites users to issue a natural-language request and states that the system will execute the full research flow, but it does not warn that reports are saved locally. This can expose sensitive research topics, investment interests, or user-provided questions in persistent local files, especially on shared machines or managed workspaces.

Missing User Warnings

Medium
Confidence: 90%
Finding
The workflow description highlights multiple external data sources but omits a privacy warning that user queries and derived research activity may result in outbound network access. In an investment-research context, even the target company or thesis can be commercially sensitive, so silent external calls increase confidentiality and compliance risk.

VirusTotal

64/64 vendors flagged this skill as clean.