ClawHub

TalonForge Launch Blitz (EN/AR)

Security checks across malware telemetry and agentic risk

Overview

This launch skill appears purpose-aligned, but it can drive public third-party submissions and monitoring without enough explicit consent and data-sharing disclosure.

Review before installing. Use it only for launches you are ready to publicize, require explicit approval before any submission or monitoring step, and avoid giving it confidential product, customer, financial, or strategy details unless you are comfortable sharing them with the listed third-party platforms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The activation phrase "Run the launch blitz" is broad and does not require confirmation, scope limits, or a clear indication that external submissions will occur. In this skill's context, that can cause the agent to initiate preparation for posting to many third-party platforms based on a simple trigger, increasing the risk of unintended outreach, disclosure of product information, or progression toward automated external actions without adequate user awareness.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The description says the skill "prepares and submits" product launches to numerous external platforms and later monitors those services, but it does not clearly warn the user that product details will be shared with third parties and tracked across them. That omission weakens informed consent and could lead users to disclose sensitive business, marketing, or account-linked information without understanding the privacy, compliance, and reputational implications.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal