Company Research (CN)

Security checks across malware telemetry and agentic risk

Overview

This is a company-research skill, but it is rated Review because it also instructs the agent to give concrete investment actions and persists sensitive research history to memory by default.

Install only if you are comfortable reviewing or editing the skill first. Before use, require explicit user confirmation for any investment-related output, remove or disable buy/sell/position-sizing instructions unless governed by a compliant financial-advice workflow, and make memory archival opt-in with redaction for confidential targets, requester names, internal links, portfolio details, and deal context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch (High, 97% confidence)

The skill metadata explicitly says it is not for investment reports, but the workflow enables investment-oriented outputs and activates a multi-role decision pipeline when users ask for buy/sell/hold advice. This creates a policy-boundary mismatch that can cause the agent to provide regulated or high-risk financial guidance in contexts where the enclosing system and user may reasonably expect such behavior to be disallowed.

Description-Behavior Mismatch (High, 99% confidence)

The CIO stage instructs the agent to output specific trading actions, position sizing, execution windows, and stop-loss conditions. That goes beyond generic company research and crosses into actionable investment advice, which is especially risky because the same skill description says investment-report usage is out of scope, increasing the chance of unsafe activation and misuse.

Missing User Warnings (Medium, 86% confidence)

The skill mandates writing research summaries, boundaries, links, source summaries, and initiator information into persistent memory without any visible requirement to obtain user consent or provide notice. Persisting task context by default can retain sensitive corporate diligence details, internal links, or user-associated research topics beyond the immediate session.

Ssd 3 (Medium, 91% confidence)

Mandatory memory archival of report topics, research boundaries, data sources, links, and initiator metadata creates a persistence channel for potentially sensitive research and due-diligence context. In a company-research skill, this is more dangerous because users may provide confidential targets, investment theses, interview plans, or nonpublic business context that should not be retained beyond the task.
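The overview's recommendation to make memory archival opt-in with redaction, and the two memory-persistence findings above, can both be enforced by a small gate placed in front of whatever the skill writes to memory. The Python below is an added example written for this review page; it is not code from the skill or from SkillSpector. The record keys (topic, boundaries, links, sources, initiator, deal_context), the ArchivePolicy fields, the placeholder strings, and the sample record are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Record fields that hold deal context or portfolio details (key names are assumptions);
# these are never written to memory, even when archival has been opted in.
DROP_KEYS = frozenset({"deal_context", "portfolio", "position_sizing", "thesis", "interview_plan"})
# Record fields that identify who requested the research (key names are assumptions).
IDENTITY_KEYS = frozenset({"initiator", "requester", "requested_by"})

# Greedy URL match; trailing punctuation glued to a URL would be masked with it.
URL_RE = re.compile(r"https?://\S+")


@dataclass
class ArchivePolicy:
    """Archival is off unless the integrator explicitly opts in."""
    archive_opt_in: bool = False
    confidential_targets: tuple = ()   # company names that must not be retained
    internal_domains: tuple = ()       # domains whose links count as internal


def is_internal_link(url: str, policy: ArchivePolicy) -> bool:
    """True when the URL's host is one of, or a subdomain of, the internal domains."""
    host = re.sub(r"^https?://", "", url).split("/")[0].lower()
    return any(host == d or host.endswith("." + d) for d in policy.internal_domains)


def redact_text(text: str, policy: ArchivePolicy) -> str:
    """Mask internal links first, then confidential target names (case-insensitive)."""
    def mask_url(match: re.Match) -> str:
        url = match.group(0)
        return "[internal-link]" if is_internal_link(url, policy) else url

    text = URL_RE.sub(mask_url, text)
    for target in policy.confidential_targets:
        text = re.sub(re.escape(target), "[confidential-target]", text, flags=re.IGNORECASE)
    return text


def archive_record(record: dict, policy: ArchivePolicy) -> Optional[dict]:
    """Return the sanitized record to persist, or None when archival is not opted in."""
    if not policy.archive_opt_in:
        return None
    sanitized: dict = {}
    for key, value in record.items():
        if key in DROP_KEYS:
            continue                       # deal/portfolio context is never persisted
        if key in IDENTITY_KEYS:
            sanitized[key] = "[redacted-requester]"
        elif isinstance(value, str):
            sanitized[key] = redact_text(value, policy)
        elif isinstance(value, list):
            sanitized[key] = [redact_text(v, policy) if isinstance(v, str) else v for v in value]
        else:
            sanitized[key] = value
    return sanitized


# Constructed sample record in the shape the finding describes (topic, boundaries,
# links, source summary, initiator) plus deal context; none of this is real data.
SAMPLE_RECORD = {
    "topic": "Due diligence on Acme Robotics ahead of Series C",
    "boundaries": "Public filings only; no contact with Acme Robotics staff",
    "links": ["https://wiki.corp.example/deals/acme", "https://www.sec.gov/edgar"],
    "sources": "Summary from https://wiki.corp.example/deals/acme and EDGAR filings",
    "initiator": "j.doe@corp.example",
    "deal_context": "Target allocation 2% of fund; exclusivity until Q3",
}
SAMPLE_POLICY = ArchivePolicy(
    archive_opt_in=True,
    confidential_targets=("Acme Robotics",),
    internal_domains=("corp.example",),
)

if __name__ == "__main__":
    print(archive_record(SAMPLE_RECORD, ArchivePolicy()))   # None: default is not to persist
    print(archive_record(SAMPLE_RECORD, SAMPLE_POLICY))
```

With the default policy nothing is persisted at all, which matches the "opt-in" requirement in the overview. With opt-in enabled, the deal-context field is dropped rather than masked, the requester is replaced with a fixed placeholder, internal wiki links and the confidential target name are masked wherever they appear (including inside the source summary), and public links such as the EDGAR URL survive unchanged. This covers only the archival side of the recommendation; the confirmation gate for investment-related output is a separate control in the skill's output path.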

VirusTotal

66/66 vendors flagged this skill as clean.
