ClawHub

SN94 Competition Poster

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a focused SN94 competition-proposal and task-repo scaffolding helper, with no evidence of credential theft, exfiltration, persistence, or destructive behavior.

Install only if you want help drafting SN94 BitSota competition proposals or generating starter task repositories. Be aware the skill may be auto-selected for loosely related research-competition prompts; review generated repos before publishing, keep secrets and wallet material out of task repos, and run generated benchmark/setup scripts only in an appropriate sandbox.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The default prompt is phrased broadly enough that the skill may be invoked in many loosely related research or proposal-writing contexts without an explicit user request. In a system that supports skill routing, this can cause unintended activation and inject specialized instructions into unrelated workflows, increasing prompt-scope confusion and the chance of unauthorized task shaping.

Vague Triggers

Medium
Confidence
94% confidence
Finding
Enabling implicit invocation without defining clear activation boundaries allows the platform to auto-select this skill in ambiguous situations. Because this skill is oriented toward producing competition proposals and task repos, unintended invocation could alter outputs, expose internal workflow assumptions, or steer users into a specialized process they did not request.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal