stock-roundtable

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Chinese stock research skill that asks for real-time public web research and structured debate, without installing code or using credentials, trading accounts, or persistent access.

Install this only if you want a Chinese-language workflow for stock and ETF research. Treat outputs as research support, not licensed financial advice, verify cited sources yourself, and avoid sharing sensitive portfolio details that you would not want included in search or agent logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 89%
Finding
The skill defines broad trigger phrases such as generic requests for analysis or quick opinions, which can overlap with ordinary conversation and cause the skill to activate when the user did not intend a finance-specific workflow. In this context, accidental activation is more concerning because the skill may steer users into investment-oriented discussion with real-time research framing, creating confusion, inappropriate financial guidance flow, or unnecessary data/tool usage.

Natural-Language Policy Violations

Medium
Confidence: 81%
Finding
The skill description and operating instructions are effectively fixed to Chinese without any language negotiation or fallback behavior. This can cause misinterpretation, incorrect activation for non-Chinese-speaking users, and degraded safety because users may not understand disclaimers, assumptions, or constraints in a finance-related workflow.

Natural-Language Policy Violations

Medium
Confidence: 93%
Finding
The file defines all output templates in Chinese and does not indicate that language should be selected based on user preference. In a general-purpose agent skill, this can override or ignore the user's requested language, causing policy non-compliance, poor UX, and potential confusion in downstream workflows that expect another language.

VirusTotal

63/63 vendors flagged this skill as clean.
