ClawHub

Free Tool Strategy

Security checks across malware telemetry and agentic risk

Overview

This is a coherent marketing-planning skill; its main risk is ordinary lead-capture and analytics advice that needs privacy controls when implemented.

Use this as a planning aid, not an automation authority. Before implementing its lead forms, outreach, analytics, or heatmaps, confirm consent and privacy requirements, collect only necessary fields, configure redaction for session replay tools, and manually approve public posts and outreach lists.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill explicitly recommends capturing user emails and progressively collecting profile attributes, but provides no guidance on consent, lawful basis, retention, notice, or secure handling of personal data. In a marketing-focused skill, this omission can normalize privacy-noncompliant lead collection and lead downstream agents or users to implement forms and tracking that violate internal policy or regulations such as GDPR/CCPA.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The playbook explicitly recommends installing GA4/Plausible and a heatmap tool such as Hotjar or Microsoft Clarity, but provides no guidance on consent, disclosure, minimization, or handling of potentially sensitive inputs entered into the tool. For a lead-gen marketing tool, users may submit business or personal data, and session replay/analytics tooling can capture that data, creating privacy, compliance, and trust risks if deployed without safeguards.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal