Economic Dashboard

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it needs review because a macroeconomic dashboard is documented with trading, backtesting, credential, package-install, data-deletion, and skill-writing behaviors that are not cleanly scoped.

Install only if you intentionally want a finance/quant workflow, not just a passive economic dashboard. Use a virtual environment, pin packages, avoid broker/live-trading credentials unless explicitly needed, review where API keys and .zvt data are stored, and require manual confirmation before cleanup, file moves, scheduled jobs, generated code, or any trading-related action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (28)

Description-Behavior Mismatch

High (94% confidence)
Finding
The skill is presented as a macroeconomic dashboard, but its documented pipeline explicitly includes target selection and trading execution. This scope expansion can cause users or calling systems to invoke trading-capable behavior without informed consent, creating a dangerous mismatch between declared purpose and operational behavior.

Description-Behavior Mismatch

High (96% confidence)
Finding
The prompts and workflow guidance ask for market, broker/data provider, strategy type, backtest range, and target securities, which materially exceeds a dashboard/data-refresh tool and enters portfolio/trading orchestration. In an agent environment, this can steer ordinary analytics requests into sensitive financial actions or recommendations without sufficient disclosure or authorization boundaries.

Description-Behavior Mismatch

Medium (91% confidence)
Finding
Semantic locks for sell-before-buy, next-bar execution, signal schema, and MACD parameters show the skill is designed to support trading logic despite being advertised as a dashboard. Even if framed as safeguards, these controls normalize hidden execution-oriented behavior and increase the chance that downstream systems treat the skill as safe for non-trading contexts.

Intent-Code Divergence

Medium (90% confidence)
Finding
The same file claims a dashboard-focused purpose while also documenting a pipeline that culminates in trading execution. This internal contradiction undermines user trust, weakens policy enforcement, and can bypass capability-based safeguards that rely on the declared description.

Description-Behavior Mismatch

High (98% confidence)
Finding
The human summary describes a quant trading and backtesting assistant, while the declared skill is a macroeconomic dashboard for data visualization and storage. This capability mismatch can mislead users and downstream agents into invoking the skill for unintended high-risk financial activities, effectively expanding the skill's operational scope without corresponding review or controls.

Context-Inappropriate Capability

High (97% confidence)
Finding
Advertising the ability to build trading strategies and run backtests is unjustified for a macroeconomic dashboard skill and can induce unauthorized or unsafe use. In agent ecosystems, this kind of overclaimed capability is dangerous because planners may trust the summary and route sensitive financial-analysis tasks to a skill that was not designed, permissioned, or validated for them.

Description-Behavior Mismatch

High (97% confidence)
Finding
The file’s semantic locks and preconditions define stock trading and backtesting behavior that is unrelated to the declared purpose of a global macroeconomic dashboard. This kind of capability mismatch is dangerous because it can smuggle in higher-risk financial execution logic, misleading reviewers and potentially causing downstream agents or operators to perform unintended market-data initialization or trading-oriented workflows.

Context-Inappropriate Capability

High (98% confidence)
Finding
The file introduces securities trading concepts such as sell/buy order sequencing, transaction costs, T+1 settlement, and factor pipeline rules even though the skill is presented as an economic dashboard. In this context, the hidden expansion of capability is risky because it may induce an agent to reason about or automate trading actions under false pretenses, increasing the chance of unauthorized financial operations or unsafe dependency use.

Context-Inappropriate Capability

Medium (96% confidence)
Finding
The preconditions require installing and initializing zvt, checking market kdata, and running a stock recorder for a specific equity symbol, none of which is justified by a macroeconomic dashboard description. This is dangerous because it expands the environment setup into market-data collection and persistence workflows, potentially causing unnecessary system modification, unauthorized data ingestion, or confusion about the skill’s true purpose.

Description-Behavior Mismatch

Medium (89% confidence)
Finding
The documented use case expands the skill from a macroeconomic dashboard into news article collection, stock-symbol sentiment analysis, and Google Trends gathering, which is a meaningful scope change from the stated manifest. That mismatch can mislead reviewers and users about what data is collected and processed, increasing the risk of unauthorized surveillance-like collection, unexpected external calls, and policy bypass through documentation-driven feature creep.

Description-Behavior Mismatch

Medium (89% confidence)
Finding
The referenced components include insider trading tracking, margin call risk calculation, leverage metrics, and financial health scoring, which extend beyond the declared purpose of a macroeconomic dashboard. This scope mismatch is dangerous because it can conceal higher-risk analytical capabilities from reviewers and users, enabling undisclosed surveillance, regulated-finance decision support, or inappropriate downstream use under a benign-looking skill description.

Description-Behavior Mismatch

High (98% confidence)
Finding
The skill is presented as a global macroeconomic dashboard, but the seed materially expands scope into quant strategy generation, backtesting, trading workflow semantics, and ZVT-specific execution scaffolding. This mismatch can cause users or host systems to invoke higher-risk trading/code-generation behaviors they did not consent to, increasing the chance of unsafe execution, destructive actions, or misleading financial outputs under a benign-looking dashboard label.

Description-Behavior Mismatch

Medium (91% confidence)
Finding
The public description omits credential-management capabilities even though the seed supports API key setup, storage, and verification. Hidden credential-handling functionality is security-relevant because users may trigger sensitive secret storage or validation flows without understanding that the skill will process and persist credentials.

Context-Inappropriate Capability

High (97% confidence)
Finding
Trading execution semantics embedded in a skill marketed as a dashboard create dangerous context confusion: users may believe they are only viewing analytics while the skill contains decision logic aligned with order generation and execution constraints. In a financial context, hidden trading-oriented behavior is especially risky because it can influence capital allocation, backtesting claims, and automated workflows far beyond passive visualization.

Context-Inappropriate Capability

High (95% confidence)
Finding
Including full ML training and stock direction prediction capabilities in a dashboard skill significantly broadens operational and risk exposure beyond passive reporting. In finance, concealed predictive modeling can mislead users into overtrusting outputs, trigger unintended compute-heavy workflows, and blur the boundary between informational dashboards and investment-decision tooling.

Context-Inappropriate Capability

High (96% confidence)
Finding
Backtest and strategy code-generation scaffolding is unrelated to the stated dashboard purpose and introduces a much more powerful execution surface, including file writes and runnable outputs. Hidden code-generation capability is dangerous because it can produce scripts that users execute under false assumptions about the skill's scope, especially in a finance setting where look-ahead bias, trading claims, and destructive file operations matter.

Intent-Code Divergence

High (98% confidence)
Finding
Post-install and human-facing messaging explicitly market the skill as an A-share quant strategy builder with ZVT, directly contradicting the declared economic-dashboard purpose. This inconsistency is dangerous because users and orchestrators rely on metadata and installation messaging to assess risk; contradictory documentation can be used to smuggle higher-risk financial automation into a lower-risk dashboard category.

Vague Triggers

Medium (87% confidence)
Finding
Broad trigger terms such as backup, snapshot, parquet, vacuum, optimize, refresh data, and daily update are common operational phrases that may match many benign user requests. In an autonomous skill-routing context, this increases the risk of accidental activation of a skill whose actual scope includes more sensitive finance/trading-adjacent functionality.

Vague Triggers

Medium (89% confidence)
Finding
The execution condition activates when intent loosely matches positive terms and the user uses a generic action verb like run, execute, fetch, or collect. This ambiguity is risky because ordinary requests containing those verbs may unintentionally trigger a sensitive skill path, especially in multilingual agent systems.

Missing User Warnings

High (95% confidence)
Finding
The skill description does not clearly warn users that some documented flows involve backtesting and trading execution. For finance-related skills, omission of this warning is dangerous because users may grant access or proceed under the mistaken belief that the skill is read-only and limited to dashboard visualization.

Missing User Warnings

Medium (83% confidence)
Finding
The use case describes archiving and deleting older records from main tables, but the documentation does not warn that running the related script modifies and removes data. Even though this is only documentation, the omission can lead operators to execute destructive maintenance tasks without understanding retention consequences, causing data loss or accidental deletion of needed records.

Vague Triggers

Medium (84% confidence)
Finding
Broad trigger terms increase the chance that ordinary user language accidentally routes into an execution path, especially in a skill that includes file operations, refresh workflows, and code-generation-adjacent behavior. In this context, mistaken invocation is more dangerous than usual because the skill scope is already overly broad and includes sensitive or destructive capabilities.

Vague Triggers

Medium (82% confidence)
Finding
An ambiguous setup-oriented trigger can overlap with common user requests and unintentionally activate credential or initialization workflows. Because this skill handles secrets and filesystem changes, accidental routing is more harmful than a normal UX issue and can lead to unexpected writes or secret-management flows.

Vague Triggers

Medium (80% confidence)
Finding
Generic file-management triggers are too broad and may capture benign requests unrelated to this skill, leading to unintended file-moving or organizational actions. Since the skill can manipulate data files and directory structure, overbroad routing can cause unexpected state changes in the workspace.

Vague Triggers

Medium (79% confidence)
Finding
The trigger term 'offline mode' is highly generic and can match many benign support conversations, causing accidental invocation of sample-data generation or fallback workflows. In this financial skill, that raises the risk of users unknowingly operating on demo/sample data while believing they are discussing live dashboard behavior.

VirusTotal

64/64 vendors flagged this skill as clean.
