ClawHub

software_test_case_design

Security checks across malware telemetry and agentic risk

Overview

This is a text-only test-case design skill with some broad routing terms, but no evidence of hidden execution, data access, persistence, or exfiltration.

Install this if you want broad assistance drafting software test cases. Be aware that generic prompts mentioning agents or web testing may activate it when a narrower skill would be better; it should not need credentials or run tests for you.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The manifest description is extremely broad and enumerates many common testing activities, which can cause the skill to be selected for a wide range of ordinary requests beyond the author's likely intent. Over-broad routing increases the chance of capability confusion, inappropriate instruction loading, and unexpected behavior in downstream agent workflows.

Vague Triggers

High
Confidence
98% confidence
Finding
Using the standalone keyword "Agent" as a trigger is dangerously generic because it can match many unrelated user prompts that merely mention agents, customer service agents, or software agents. This can misroute requests into the wrong skill, causing irrelevant instructions and checklists to be loaded and potentially overriding safer or more appropriate routing decisions.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The platform trigger "Web Testing" is ambiguous and broad enough to capture many requests that are not specifically about PC web platform behavior. That ambiguity can lead to incorrect platform overlay selection, producing mismatched test cases and reducing reliability of the skill's outputs.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal