ClawHub
Back to skill

Security audit

Michael Burry Investing Skill

Security checks across malware telemetry and agentic risk

Overview

This is a text-only investing persona skill with financial-risk caveats, but it does not run code, access data, or make trades.

Install only if you want a Michael Burry-inspired investing lens. Treat outputs as educational, not personalized financial advice; verify market claims with current sources and consider narrowing triggers before relying on it in normal finance discussions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This skill provides detailed investment-analysis guidance, named securities/sectors, and behavioral framing for concentrated contrarian bets without any disclaimer that outputs are informational only and not financial advice. In context, the skill explicitly encourages high-conviction, multi-year, and potentially risky decisions, which can unduly influence users into real trading activity without appropriate caution, suitability checks, or risk warnings.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The triggers include generic investing phrases such as 'value investing', 'contrarian investing', 'margin of safety', and 'short selling' that are commonly used in ordinary financial discussions. This can cause unintended activation of the skill in contexts where the user did not explicitly ask for Michael Burry-specific behavior, leading to prompt hijacking of normal conversations and increased exposure to the skill's instructions.

Vague Triggers

Medium
Confidence
97% confidence
Finding
The standalone trigger 'Cassandra' is highly ambiguous and can refer to many unrelated topics, including people, mythology, software systems, and popular culture. This creates a strong risk of accidental skill invocation in unrelated conversations, which can redirect agent behavior unexpectedly and degrade safety boundaries.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal