ClawHub

legacy modernization

Security checks across malware telemetry and agentic risk

Overview

This appears to be a documentation-only modernization planning skill, with no evidence of hidden execution, data theft, or destructive behavior.

Review the trigger wording before installing if you use many similar planning skills, because it may activate on broad modernization requests. The available evidence supports benign use as a planning aid, not as an automated migration or system-changing tool.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The activation phrase "Assess this system for modernization" is broad, natural-language, and likely to overlap with ordinary user requests, which can cause the skill to trigger unintentionally. Because this skill appears to drive strategic analysis and recommendations across architecture, cloud migration, and modernization planning, accidental invocation could steer agent behavior unexpectedly or override a more appropriate skill selection path.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal