Cro Advisor

Security checks across malware telemetry and agentic risk

Overview

This is a coherent CRO advisory skill that analyzes revenue data locally, with no evidence of hidden network access, credential use, persistence, or destructive behavior.

Install only if you are comfortable with the skill reading an existing company-context.md file and analyzing sensitive revenue or customer CSVs locally. Provide only the business data needed for the requested forecast, churn, pricing, or retention analysis.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill instructs the agent to read `company-context.md` and references multiple local files, which implies file-read capability, but no permissions are explicitly declared in the metadata. Undeclared capabilities create a trust and governance gap: the platform or user may not realize the skill can access local context files, increasing the risk of unintended data exposure or policy bypass.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The description includes many generic business terms like pricing strategy, ARR growth, churn, and sales capacity, which can cause the skill to trigger in broad contexts beyond a narrowly intended CRO workflow. Over-broad activation can route unrelated prompts into this skill, increasing the chance of irrelevant instructions, unnecessary file reads, or accidental exposure of internal business context.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The proactive trigger section tells the skill to surface issues 'without being asked' when detected in company context, but does not define limits on when this should happen or what data sources may be inspected to detect them. That ambiguity can lead to unsolicited analysis, over-collection from contextual files, and disclosure of sensitive commercial risks in situations where the user did not request such output.

VirusTotal

66/66 vendors flagged this skill as clean.
