ClawHub

a-stock-review

Security checks across malware telemetry and agentic risk

Overview

This is a stock-analysis skill, but it asks the agent to produce trade-ready buy, sell, stop-loss, target, and position guidance without adequate financial-risk boundaries.

Review before installing. Treat any output as research only, not personalized investment advice, and do not trade solely from its recommendations. If you run the scripts, expect third-party market-data network calls and manually verify stock identity, sector data, prices, dates, and source accuracy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill instructs the agent to output execution-ready trading guidance such as buy, add, reduce, stop-loss, and timing decisions, framed as sufficient to place trades, without any risk disclosure or suitability boundary. In a financial context this is especially dangerous because users may act on it directly, causing material monetary loss and creating compliance, consumer-protection, and unsafe-advice risk.

Missing User Warnings

High
Confidence
97% confidence
Finding
This section gives concrete position management and tactical execution guidance, including entry, add-on, stop-loss, take-profit, liquidation triggers, and position sizing, again without explicit warnings about financial risk. Because the skill's purpose is stock analysis, the surrounding context makes the advice more likely to be acted upon as real trading instructions, increasing the chance of user harm.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal