Deep Thinking

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only reasoning guide that may make an agent more verbose or reflective, but it does not add code execution, data access, persistence, or external integrations.

Install this if you want the agent to apply more structured analysis on complex tasks. Expect longer, more reflective answers; avoid using it when you need terse responses, and agents should still summarize reasoning rather than expose private chain-of-thought.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium, 91% confidence
Finding
The skill description is extremely broad ('complex tasks', 'multi-step problems', 'think deeply or carefully') and can cause the skill to activate for a wide range of ordinary prompts. Over-broad auto-activation is dangerous because it can unexpectedly override or steer normal model behavior, increasing attack surface for prompt conflicts, instruction shadowing, or unnecessary exposure to embedded guidance in situations where the skill is not actually needed.

Vague Triggers

Medium, 89% confidence
Finding
The activation guidance relies on subjective conditions such as 'multiple valid approaches,' 'ambiguous requirements,' and 'stakes are high,' which are common and loosely defined. This ambiguity makes the skill likely to trigger too often and gives its internal instructions influence over many unrelated tasks, which can degrade instruction hierarchy handling and make prompt-injection style misuse easier by expanding when the skill is in scope.

Natural-Language Policy Violations

High, 97% confidence
Finding
The document explicitly instructs the model to generate natural-language 'thinking' that mimics hidden chain-of-thought, including inner monologue phrases and course-correction narration. This is dangerous because it pressures the agent to reveal or simulate private reasoning traces, which can violate safe response policies, expose sensitive deliberation patterns, and make prompt-extraction or policy-bypass attempts easier.

VirusTotal

48/48 vendors flagged this skill as clean.
