ClawHub

DevRel & Developer Advocacy Engine

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only DevRel strategy skill with disclosed advisory content and no evidence of code execution, credential use, persistence, or hidden data access.

This skill is reasonable to install for DevRel planning and strategy work. Be aware that some example invocation phrases are broad, so in environments with automatic skill routing you may want to invoke it explicitly by name when you intend to use it. The README also includes promotional links to related AfrexAI resources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The command list includes very generic natural-language triggers such as 'Create DevRel strategy' and similar phrases that could plausibly appear in ordinary user conversation. If the platform auto-selects skills based on loose semantic matching, this skill may activate unintentionally and handle requests the user did not explicitly route to it, causing prompt-scope confusion and incorrect delegation.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The listed commands are short and ambiguous, including phrases like 'Set up community', 'Open source strategy', and 'Build developer funnel', which overlap with common planning language outside this exact skill domain. In systems that route by natural-language matching, ambiguous triggers increase the chance of accidental invocation or cross-skill hijacking, especially when multiple business/planning skills are installed.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal