Claw Stock

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Chinese stock-analysis skill with no code, account access, persistence, or trading authority; its main risk is broad activation wording and reliance on users verifying financial data.

Install this only if you want Chinese-language stock analysis. Treat scores and conclusions as educational, verify prices, filings, and news from reliable sources, and be aware that broad phrases may trigger the skill when you meant something non-financial.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 84%
Finding
The invocation examples include very generic phrases like '分析一下' ("analyze this"), '看看这只' ("take a look at this one"), and '打个分' ("give it a score"), which can overlap with ordinary conversation and cause the skill to trigger when the user did not clearly request stock analysis. In a finance context, unintended activation is more sensitive because it can steer users into receiving investment-style output in situations where they may have wanted neutral conversation or broader market discussion.

Vague Triggers

High
Confidence: 96%
Finding
The trigger definition is overly broad: phrases like '分析一下' ("analyze this"), '看看这只' ("take a look at this one"), '打个分' ("give it a score"), and '怎么看' ("what do you think") are common conversational language and can cause the stock skill to activate outside clearly stock-specific contexts. In an agent system, this creates routing confusion and prompt-scope capture, where unrelated user requests may be misdirected into financial-analysis behavior, increasing the chance of inappropriate advice or interference with other skills.

VirusTotal

65/65 vendors flagged this skill as clean.
