ClawHub

Linuxdo Application

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only writing skill, but it is built to help users produce a platform registration application that looks self-written and less AI-generated despite the referenced platform rules discouraging AI-generated applications.

Review this carefully before installing. It does not appear to run code or access files, but it is designed to help generate and disguise a registration application for a platform that expects self-written text. Use only truthful, minimal personal details, avoid loading extra skills unless you explicitly choose them, and make sure any final application complies with the destination site’s rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The skill explicitly tells the agent to run `openskills list` and discover/load other skills, expanding capabilities beyond the narrowly scoped task of drafting an application. That creates unnecessary prompt-surface and dependency risk, because unrelated or less-trusted skills could inject conflicting instructions, privacy-invasive behavior, or additional evasion features into the workflow.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The adaptive survey collects personal background, discovery history, interests, and intended usage, but the skill does not warn users that this information will be solicited and transformed into an application. This is a privacy and informed-consent issue because users may disclose more personal detail than necessary without understanding the collection purpose or sensitivity.

Ssd 4

Medium
Confidence
93% confidence
Finding
The skill is designed to optimize for a 'high-pass-rate' application and explicitly make it look less AI-generated, which is an evasion-oriented use case. Even if it uses real user details, it helps users bypass trust and authenticity signals that a platform may rely on during registration review, making social-engineering abuse easier at scale.

Ssd 4

Medium
Confidence
95% confidence
Finding
The phased workflow systematically harvests user-specific facts and then applies a polishing stage specifically intended to make the text appear organically human-written. This materially increases the effectiveness of deceptive account-creation attempts by turning structured prompting into tailored evasion content.

Ssd 2

Medium
Confidence
96% confidence
Finding
The references to 'de-AI'd,' 'smell like AI,' and review-style detection checks are clear paraphrased evasion instructions aimed at defeating AI-authorship heuristics. This is dangerous because it operationalizes concealment tactics without using explicit jailbreak language, enabling users to circumvent moderation or authenticity screening more effectively.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal