ClawHub

Launch Strategy

Security checks across malware telemetry and agentic risk

Overview

This appears to be a launch-planning prompt skill with some overly eager routing instructions, but no evidence of hidden code, data access, persistence, credential use, or destructive behavior.

Safe to install as a planning aid, but expect it may be over-eager when launch, ship-date, announcement, or Product Hunt terms come up. Review its trigger wording if you want fewer unsolicited launch-planning pivots.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The activation description is broad enough to match casual mentions of terms like 'launch,' 'announcement,' or 'product update' outside a true request for launch-planning help. This can cause unintended skill invocation, leading the agent to shift context, ask irrelevant questions, or override a more appropriate skill, which is a genuine prompt-routing weakness even if not directly malicious.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The instruction to 'immediately ask about the launch plan' whenever an engineering ship date is mentioned is overly aggressive and may trigger unsolicited redirection from the user's actual goal. In agent systems, this kind of proactive behavior can create context hijacking, where routine product or engineering discussions are pulled into marketing workflows without sufficient intent verification.

Vague Triggers

Low
Confidence
78% confidence
Finding
Triggering the full Product Hunt strategy on any mention of Product Hunt lacks contextual checks and can over-expand the conversation into a detailed playbook the user did not request. While lower risk than broader routing flaws, it still increases the chance of irrelevant or intrusive agent behavior and reduces reliability of skill selection.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal