Mythos

Security checks across malware telemetry and agentic risk

Overview

Mythos is a documentation-only reasoning skill that is purpose-aligned, but users should understand its optional broad auto-activation and higher-cost parallel mode.

Install this if you want structured reasoning for complex questions. Review the optional CLAUDE.md snippet before using it globally, because it can activate on many everyday prompts and high-complexity cases may use multiple parallel model calls, increasing cost and verbosity.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Low, 89% confidence
Finding
The blueprint explicitly instructs the orchestrator to invoke the Agent tool multiple times in a single turn, which can trigger several model/API calls and materially increase cost. Although the document later discusses cost awareness, the finding is still valid because the operational instruction appears before any user-facing consent or guardrail requiring disclosure, so a skill using this pattern could surprise users with higher spend or resource consumption.

Vague Triggers

Medium, 90% confidence
Finding
The protocol auto-applies to "any non-trivial request" without clear boundaries, which creates an overly broad trigger surface for the skill. In an agent framework, ambiguous activation scope can cause unintended invocation on unrelated prompts, leading to prompt-routing errors, hidden reasoning behavior, or unexpected policy interactions across normal conversations.

Vague Triggers

Medium, 89% confidence
Finding
Making silent mode the default for "everyday non-trivial requests" broadens the protocol to common interactions while suppressing visible evidence that the skill was engaged. That combination increases the chance of covert or unintended behavior, reduces operator awareness, and makes debugging or auditing misactivation significantly harder.

VirusTotal

65/65 vendors flagged this skill as clean.
