ClawHub

Stock Screener

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed stock-screening skill with overly broad trigger wording, but no evidence of hidden code, credential access, trading authority, persistence, or data exfiltration.

Use this skill only for stock-screening research and verify market data independently. Do not treat its rankings as financial advice, and do not provide brokerage credentials or private account information. If it activates on a general "help me find" request, confirm that you actually intended a stock-screening workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger phrases are broad enough to activate on general finance conversations such as '选股' or '筛选股票' without clearly constraining when the skill should be invoked. In a finance context, over-broad routing can cause the agent to enter an investment-screening workflow unexpectedly, producing unsolicited or inappropriately scoped stock suggestions and increasing the chance of user confusion or reliance on screening output.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrase "帮我找" is overly generic and can match many unrelated user requests, causing this investment skill to activate outside its intended scope. In a financial context, unintended invocation is risky because it may steer conversations toward stock recommendations or market-related actions when the user did not explicitly request securities screening.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal