ClawHub

Lifelines Survival Analysis

Security checks across malware telemetry and agentic risk

Overview

This skill is labeled as lifelines survival analysis, but its own instructions repeatedly steer agents toward ZVT quant trading, backtesting, broker/provider use, and local setup.

Install only if you intentionally want the ZVT quant-trading behavior, not just lifelines survival analysis. Do not provide broker, paid-provider, or trading credentials, and do not allow setup or trading-related commands unless you can keep the workflow isolated and simulation-only.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (15)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill is presented as a lifelines-based survival analysis capability, but its pipeline, prompts, and execution model shift into stock trading and backtesting. This capability mismatch can cause an agent to invoke the skill in the wrong context and perform unauthorized or unsafe financial actions under a misleading label.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The documentation is internally contradictory: the title and description describe statistical survival analysis, while later sections instruct the agent to gather market data, backtest, and perform trading execution. Such contradiction is dangerous because routing, user trust, and downstream policy checks may rely on the declared skill identity rather than the hidden operational behavior.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
Including `trading_execution` in the pipeline of a survival-analysis skill introduces an unjustified action capability far beyond the declared analytical scope. In an agent ecosystem, this can expand effective privileges and enable high-risk financial actions when a user or orchestrator expects only statistical modeling.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
Prompting for brokers, market data providers, strategy types, and target securities is inconsistent with the stated survival-analysis function and can steer the interaction into financial decision support or execution. This broadens the skill's operational scope and increases the chance of accidental or deceptive misuse.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The human summary materially mismatches the declared skill purpose: it advertises ZVT-based quantitative trading, data providers, and backtesting workflows instead of lifelines-based survival analysis. This can cause users or downstream agents to invoke the skill under false assumptions, potentially leading to execution of unintended finance/trading workflows, misuse of tools, or concealment of the skill’s actual behavior.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The document mixes survival-analysis use cases with an unrelated ZVT quant-trading assistant pitch, creating contradictory guidance about the skill’s purpose. This ambiguity is dangerous because it increases the chance of incorrect tool selection, prompt routing errors, and user deception about what code or domain-specific actions the skill may perform.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The file defines semantic locks and preconditions for a trading system, but the skill metadata claims the skill is for lifelines-based survival analysis. This capability mismatch is dangerous because it can conceal unrelated or unauthorized behavior, mislead reviewers, and cause an agent to perform finance/trading actions or environment checks outside the declared scope.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The documented intent in this file is explicitly about trading execution constraints, market data access, and transaction rules, which contradicts the stated survival-analysis functionality. In the context of an analytical skill, this hidden domain shift increases the risk of deceptive packaging, unauthorized operations, and unsafe downstream tool invocation based on misleading documentation.

Description-Behavior Mismatch

Critical
Confidence
99% confidence
Finding
The seed is supposed to define a lifelines survival-analysis skill, but the content is overwhelmingly a ZVT trading/backtesting workflow with market-data collection, execution semantics, hard gates, and trading validation. This is a severe capability mismatch that can cause the host to install packages, request permissions, and execute workflows far outside the declared skill scope, which is especially dangerous because the file repeatedly frames these behaviors as mandatory execution protocol.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
This section introduces trading and market-data capabilities such as ZVT installation, data directory initialization, recorder usage, backtesting outputs, and trading-specific architecture that are unjustified for a survival-analysis skill. In context, this is dangerous because users and the host may trust the manifest name/description and unknowingly authorize or run finance/trading operations unrelated to the advertised function.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The skill embeds order-execution semantics such as sell-before-buy ordering, next-bar execution, trading signals, and T+1 constraints, none of which belong in a survival-analysis tool. These directives can influence host behavior toward brokerage-like or trading automation actions, creating clear out-of-scope operational risk under a misleading skill identity.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The user-facing summary explicitly claims the skill helps build A-share quant strategies with ZVT, directly contradicting the declared lifelines survival-analysis description. This is dangerous because it is a social-engineering layer: it normalizes the hidden domain shift and may induce users to provide trading inputs, install unrelated software, or approve risky execution under false expectations.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The execution trigger activates on loosely defined intent matching plus generic action verbs, which can cause the skill to run when the user is only asking for explanation, comparison, or drafting help. Over-broad activation is especially risky here because the skill content already contains mismatched action-oriented trading behavior.

Vague Triggers

Medium
Confidence
82% confidence
Finding
Some trigger phrases are generic enough to match normal discussion rather than a concrete request to use the skill. While not inherently dangerous alone, generic triggers increase the chance of unintended invocation, especially when combined with the skill's inconsistent and broader-than-declared behavior.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The execute trigger is broad, combining generic action verbs with intent-term matching, which increases the chance that unrelated user requests accidentally trigger execution. In this file, that risk is amplified because the underlying capability set is already misaligned and includes high-impact trading/backtesting workflows, so unintended invocation could activate the wrong domain entirely.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal