ClawHub

Conversion Copywriting Engine

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only marketing copywriting skill with no hidden execution or data access, though users should be careful with customer research and regulated claims.

Install this if you want conversion-focused marketing help. Do not paste raw support tickets, call transcripts, surveys, customer records, secrets, or regulated personal data unless you are authorized to use them; anonymize sensitive details. Fact-check testimonials, guarantees, scarcity, healthcare, legal, financial, and other compliance-sensitive claims before publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill description is very broad ('write or review any copy meant to drive action'), which can cause the agent to invoke this skill for a wide range of generic writing or review requests beyond a narrowly scoped domain. Over-broad activation increases the chance of prompt hijacking, unintended routing, or the skill being applied in contexts such as political, financial, or otherwise sensitive persuasion tasks without explicit guardrails.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The natural-language commands are open-ended and highly generic, such as 'Write a landing page' or 'Rewrite this copy to convert better,' with no trigger constraints, safety boundaries, or negative examples. This makes accidental or adversarial invocation more likely and could enable the skill to assist with manipulative or regulated persuasive content in contexts where additional review or policy checks are needed.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal