ClawHub

Ai Summary B037a3

Security checks across malware telemetry and agentic risk

Overview

This is a simple summary-writing guidance skill with overly broad activation words but no code, data access, persistence, or hidden actions.

Safe to install if you want a lightweight summary-writing prompt. Be aware it may activate on common words like Summary, Writing, Learn, or AI, so prefer invoking it by its exact name when possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger field includes very generic terms such as "Summary" and "Writing," which are common in ordinary user conversations and can cause the skill to activate unintentionally. In an agent environment, overly broad activation increases the chance of context hijacking, unintended tool invocation, or the model prioritizing this skill when the user did not request it.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger scenario section allows activation on broad conditions like a user saying "Summary" or generally needing related help, which is too ambiguous for safe routing. This makes the skill easier to invoke accidentally during normal discussion, increasing the attack surface for prompt collisions and unintended behavior.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The merged skill block introduces another generic trigger, including "AI," which is extremely broad and likely to overlap with many unrelated requests. Because this appears in a merged section, it can silently expand activation scope beyond the primary skill definition and make misfires more frequent and harder to audit.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal