ClawHub

Pair Trade Screener

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent pair-trading research skill that fetches market data and produces analysis, but users should treat its trading thresholds as educational research rather than investment advice.

Install only if you are comfortable using a third-party FMP API key for market-data retrieval. Treat any generated signals, thresholds, shorting, margin, or allocation guidance as research examples, not personalized financial advice or instructions to trade; verify assumptions, costs, liquidity, and risk independently before acting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Natural-Language Policy Violations

Medium
Confidence
80% confidence
Finding
Mandating that all analysis and output be in English overrides user preference and can cause the agent to ignore higher-priority user language requirements. This is primarily a policy and safety-boundary issue rather than a direct security exploit, but it can degrade trustworthy behavior and be used to resist user control in multilingual settings.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The document gives explicit entry, exit, and stop thresholds for a live trading strategy without clearly framing them as educational examples or warning about financial risk, suitability, slippage, and model failure. In a skill designed to screen pair trades, users may treat these thresholds as actionable recommendations, increasing the chance of financial harm from overreliance on simplified examples.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The guide recommends automated-like exit and position reduction actions based on rolling cointegration signals, but omits warnings about false positives, delayed data, unstable parameters, and execution risk. Because this skill's purpose is to identify trading opportunities, users could operationalize these rules directly, leading to avoidable losses when the statistical relationship breaks down or the model misfires.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This methodology gives detailed guidance on short selling, margin requirements, aggressive entry thresholds, leverage-related mechanics, and portfolio allocation without prominently warning that these strategies can cause rapid and substantial losses, including losses exceeding initial capital on short positions. In a user-facing trading skill, omission of strong risk disclosures can mislead inexperienced users into treating the content as safe operational guidance rather than high-risk educational material.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal