MS Research Report

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a local DOCX report generator, but it embeds Morgan Stanley branding and default text that can make generated financial reports look institutionally authored.

Review this carefully before installing. It does not show signs of malware-like behavior, but generated reports may falsely appear to be authentic Morgan Stanley research. Only use it if you will remove or replace the Morgan Stanley source lines, entity defaults, logo text, and disclosures, and clearly label outputs as user-generated templates not affiliated with Morgan Stanley.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 98%
Finding
The code does not merely mimic a formatting style; it embeds explicit Morgan Stanley branding, institutional authorship language, and disclaimers that state the report was prepared by Morgan Stanley Research. This creates fabricated provenance and can mislead recipients into believing the document is an authentic sell-side report from a regulated financial institution, enabling impersonation, fraud, or compliance violations.

Description-Behavior Mismatch

Medium
Confidence: 97%
Finding
The default source attribution of 'Source: Morgan Stanley Research' inserts false provenance throughout generated charts and exhibits even when no such source exists. Repeated fabricated sourcing increases credibility of misleading content and can be used to support social engineering, investor deception, or trademark misuse.

Context-Inappropriate Capability

Medium
Confidence: 99%
Finding
The disclosure section generates full Morgan Stanley-specific legal and institutional boilerplate, presenting the output as an authentic institutional research note rather than a generic styled document. In a stock research skill, this is especially dangerous because readers may rely on the perceived authority, regulatory status, and distribution legitimacy of the forged report.

Vague Triggers

Medium
Confidence: 93%
Finding
The invocation description is very broad, covering many generic report-generation and investment-document scenarios, which can cause the agent to select this skill for loosely related prompts. Over-broad routing increases the chance of unintended use, including processing sensitive financial data or producing misleading branded output when a simpler or safer skill would be more appropriate.

VirusTotal

VirusTotal findings are pending for this skill version.
