ClawHub

Systematic Literature Review

Security checks across malware telemetry and agentic risk

Overview

This is a coherent academic-review workflow skill with no executable code or hidden behavior, though users should avoid sharing restricted research data unless authorized.

Install is reasonable for academic evidence-synthesis work. Before using it with unpublished manuscripts, embargoed datasets, or participant information, make sure you have authorization and remove identifying or restricted details where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Low
Confidence
88% confidence
Finding
The description says to use the skill whenever a researcher or graduate student needs to conduct a systematic or scoping literature review, but it does not provide explicit trigger phrases, constraints, or negative examples. This broad wording may overlap with ordinary research-help requests and makes the activation scope less precise than ideal.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The file instructs the skill to treat unpublished manuscripts, embargoed data, and identifiable participant information as confidential, which indicates the workflow may involve sensitive data. However, the skill description does not include a clear user-facing warning to avoid pasting personal or restricted data unless authorized and properly de-identified.

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
## 6. Quality Appraisal

**Tool:** [RoB 2 / ROBINS-I / Newcastle–Ottawa / CASP / MMAT / QUADAS-2]

| Study ID | Domain 1 | Domain 2 | Domain 3 | ... | Overall | Notes |
| --- | --- | --- | --- | --- | --- | --- |
Confidence
85% confidence
Finding
Tool:*

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal