Beijing Tech Finance

Security checks across malware telemetry and agentic risk

Overview

This skill does not show malware behavior, but it overstates finance capabilities and includes a budget monitor that produces simulated random expense data without clear user-facing labeling.

Install only if you want finance reference material and local demo calculators. Do not rely on it for live budget monitoring, tax filing, payroll, customs, statutory reporting, or compliance decisions unless outputs are verified against current official sources and qualified finance/tax professionals; replace or disable the mock budget expense source before operational use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 94%
Finding
The skill markets itself as a comprehensive financial management system for sensitive finance, tax, compliance, and reporting workflows, but the described implementation does not actually provide those capabilities. In a financial context, this mismatch is dangerous because users may rely on incomplete or simulated functionality for tax, accounting, reimbursement, or compliance decisions, leading to regulatory violations, financial loss, or disclosure of sensitive data to an unfit tool.

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The script advertises real-time budget monitoring and alerts, but it only performs a one-time local calculation and does not ingest live financial data. In a finance skill, this mismatch can mislead users into relying on stale or fabricated monitoring results for spending control, potentially causing missed overruns, incorrect approvals, or compliance failures.

Intent-Code Divergence

Medium
Confidence: 99%
Finding
The function that is supposed to retrieve actual expenses returns randomized mock values, while comments imply it should use a real financial API or database. In the context of budget control for a Beijing technology company, this can directly produce false budget utilization and warning levels, creating operational and financial risk if users act on the output as if it were real.

Vague Triggers

Medium
Confidence: 90%
Finding
The activation language is extremely broad for finance-related requests, which can cause the skill to trigger in many sensitive situations involving budgets, tax, payroll, contracts, and compliance. In a high-risk domain like corporate finance, overbroad routing increases the chance that users are steered into a generic or incomplete skill for regulated tasks, producing incorrect guidance or inappropriate handling of confidential financial information.

VirusTotal

64/64 vendors flagged this skill as clean.
