ClawHub
Back to skill

Security audit

Bill Ackman Investing Skill

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Bill Ackman investing persona skill with broad finance triggers but no hidden code, credential access, persistence, or trading mechanism.

Install only if you want an opinionated Bill Ackman-style investing framework. Treat outputs as financial commentary, not personalized investment advice, and require explicit user confirmation before any separate agent or tool acts on trades, purchases, or financial account data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger list includes broad terms such as "value investing," "high conviction," "corporate governance," and "fee structure" that can appear in many unrelated finance discussions. This can cause the skill to activate outside its intended Bill Ackman/Pershing Square context, leading to unintended persona steering and investment-style guidance being injected into responses where it may be inappropriate or misleading.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger list includes generic phrases such as "activist investing," "high conviction investing," and "value investing," which are broad enough to activate this persona on ordinary finance queries unrelated to Bill Ackman. In a skill-routing system, this can cause unintended interception of user requests, reducing response integrity and potentially steering users into a narrow persona or investment framing they did not ask for.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal