ClawHub

Ceo Advisor

Security checks across malware telemetry and agentic risk

Overview

This is a coherent CEO advisory skill with disclosed local strategy and financial analysis scripts, and no evidence of hidden access, exfiltration, persistence, or destructive behavior.

Install this if you want CEO-level strategic, board, investor, culture, and financial-scenario guidance that may read local company context when available. Avoid providing confidential business details unless they are necessary, and independently verify financial, legal, fundraising, or governance recommendations before acting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
This is a mismatch because while part of the code aligns with executive strategy and organizational analysis (the strategy analyzer), a substantial portion of the skill performs specific financial modeling and investment-style scenario analysis that is not represented in the declared description. The description focuses on leadership guidance, stakeholder management, board presentations, investors, culture, and executive decision-making, but does not disclose that the skill directly computes financial forecasts, valuation-oriented metrics, and scenario-based returns. There is no evidence of hidden external access or permissions misuse, but the code's primary behavior is broader and materially more finance-analytic than the description claims.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The description says to use the skill for broad topics like 'planning strategy' and whenever the user mentions terms such as 'strategy,' 'organizational leadership,' or 'executive strategy.' These phrases are common in many business discussions and the file does not provide clear boundaries or negative examples to distinguish when this skill should activate versus more specialized alternatives.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal