Credit Lgd Model

Security checks across malware telemetry and agentic risk

Overview

This skill is labeled as an LGD credit-risk model, but its artifacts mainly guide quant trading, backtesting, broker/data-provider use, installs, and persistent local outputs, so it needs review before installation.

Install only if you intentionally want a ZVT quant-trading/backtesting assistant, not a focused LGD credit-risk model. Use an isolated Python environment, do not provide broker or paid-provider credentials unless the exact workflow is explicit, and treat trading outputs as offline backtests unless you separately approve live actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (13)

Description-Behavior Mismatch
Severity: High | Confidence: 98%
Finding: The skill advertises an LGD credit-risk modeling capability, but the documented pipeline and prompts shift into market data collection, backtesting, and trading execution. This kind of domain mismatch can cause an agent or user to invoke the skill under false assumptions, leading to unauthorized or unsafe financial actions that are unrelated to the declared purpose.

Intent-Code Divergence
Severity: Medium | Confidence: 94%
Finding: The documented use case claims to be Sphinx documentation configuration, while nearby content describes trading and backtesting behavior. This inconsistency is a strong indicator of deceptive packaging or corrupted skill assembly, which can mislead routing, review, and approval processes and hide risky behavior behind an innocuous label.

Description-Behavior Mismatch
Severity: High | Confidence: 99%
Finding: An LGD modeling skill should contain constraints about credit-loss estimation, data quality, and model governance, not trading-signal semantics, order sizing, sell-before-buy sequencing, and MACD parameter locks. Embedding execution-oriented trading controls inside a credit-risk skill suggests capability smuggling and increases the chance that downstream agents will generate or run inappropriate financial trading logic.

Description-Behavior Mismatch
Severity: High | Confidence: 98%
Finding: The human summary is materially inconsistent with the declared skill purpose: instead of describing LGD credit-loss modeling, it advertises a quantitative trading and backtesting assistant. This kind of scope mismatch can misroute user requests, trigger the wrong skill, and cause an agent to perform unrelated market-data or trading tasks under a misleading identity.

Context-Inappropriate Capability
Severity: High | Confidence: 97%
Finding: The file documents capabilities to build trading strategies, fetch market data, and run backtests that are unrelated to the stated LGD credit-risk function. In an agentic environment, unjustified capabilities expand the apparent authority of the skill and can lead to unauthorized or unsafe task execution outside its intended financial-risk domain.

Description-Behavior Mismatch
Severity: Critical | Confidence: 99%
Finding: The seed file is materially inconsistent with the declared skill purpose. A skill advertised as LGD credit-risk modeling instead embeds large volumes of unrelated ZVT trading/backtesting and Sphinx workflow logic, which can cause the host to execute the wrong capability set, request irrelevant permissions, or generate unsafe outputs outside the user’s intended domain. This kind of scope confusion is dangerous because policy, triggers, constraints, and execution paths no longer match the claimed function of the skill.

Context-Inappropriate Capability
Severity: High | Confidence: 98%
Finding: Including stock-trading and backtesting capabilities in an LGD modeling skill expands the operational surface far beyond the declared purpose. That can lead an agent to install extra packages, run market-data checks, or generate trading code under a misleading credit-risk label, increasing the chance of unintended execution and privilege use. In this context, the mismatch makes the skill more dangerous because financial trading actions are higher-risk than passive model training assistance.

Context-Inappropriate Capability
Severity: High | Confidence: 97%
Finding: Routing users to Sphinx documentation configuration from an LGD model skill is a clear capability mismatch that can misclassify user intent and activate unrelated execution logic. While this is not code execution in itself, it undermines trust boundaries and can cause the host to perform actions the user did not expect from a credit-risk modeling skill.

Intent-Code Divergence
Severity: High | Confidence: 99%
Finding: The user-facing summary explicitly markets A-share quant strategy and ZVT trading functionality, contradicting the LGD modeling manifest. Misleading user-facing content is dangerous because users and downstream agents may consent to execution under false assumptions, causing the system to perform unrelated financial operations or prepare unsafe code paths outside the intended task.

Vague Triggers
Severity: Medium | Confidence: 88%
Finding: The execute trigger is broad and ambiguous, matching on general intent terms plus common action verbs such as 'run' or 'execute'. In the presence of already-misaligned documentation, this increases the risk of accidental invocation, causing the wrong skill to activate for unrelated requests and potentially initiate unsafe finance-related workflows.

Vague Triggers
Severity: Medium | Confidence: 86%
Finding: Phrases like 'Just tell me what you want; I'll write the code' are broad and permissive, increasing the chance of unintended activation for requests only loosely related to the skill. Because the surrounding summary already describes the wrong domain, this broad invocation language makes accidental or inappropriate use more likely and amplifies the scope-confusion risk.

Vague Triggers
Severity: Medium | Confidence: 92%
Finding: The execute trigger matches generic verbs like 'run' and 'execute' in combination with broad terms, which increases the chance of accidental or malicious activation. In a confused multi-domain skill, broad activation is more dangerous because it may route ordinary user language into file writes, installs, or execution paths unrelated to the user’s actual intent.

Missing User Warnings
Severity: Medium | Confidence: 90%
Finding: The manifest instructs the agent to write a .skill file automatically after hard gates pass, but does not provide a clear, prior user-facing notice that filesystem modification will occur. Silent persistence is risky because it changes the environment and creates durable artifacts without informed consent, which is especially problematic in an already mismatched skill.

VirusTotal

66/66 vendors flagged this skill as clean.