ClawHub

Auto Insight Engine 5ec95c

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable guide skill, but its scope is confused across unrelated “Insight” products and could trigger for broad Revit requests with misleading guidance.

Install only if you specifically want a rough, video-derived guide and are prepared to verify the product context yourself. Avoid relying on it for authoritative Revit Insight, Cognex In-Sight, EEG, or camera setup instructions until the publisher narrows the scope and removes unrelated sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The skill presents itself as a Revit Insight tutorial, but the referenced and merged sources span unrelated 'Insight' topics including EEG headsets, machine vision software, and autonomous cameras. This mismatch can cause the agent to activate in the wrong context and provide misleading or unsafe guidance because users may believe they are receiving domain-specific Revit help when the content actually derives from unrelated tools.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The document claims to focus on Revit Insight, but it aggregates several semantically unrelated 'Insight' materials solely based on keyword overlap. In an agent setting, this creates prompt/data poisoning risk at the knowledge layer: the skill may confidently answer with instructions from the wrong product family, reducing reliability and potentially causing harmful operational mistakes.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger conditions are broad enough to match generic terms like 'revit' or 'auto-insight-engine', which can invoke this skill for requests that are unrelated or only partially related. Because the skill content is already domain-confused, broad activation increases the chance of accidental takeover and delivery of incorrect guidance in normal user workflows.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The manifest trigger string combines several ambiguous terms with slashes and does not clearly scope which product or workflow the skill serves. Ambiguous triggers make unintended activation more likely, and in this file that risk is amplified by the mixed-source content behind the skill.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal