ClawHub

Web Compliance Builder

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent website compliance drafting and audit helper, with legal overreliance risk but no evidence of hidden access, persistence, exfiltration, or destructive behavior.

Use this as drafting and issue-spotting support, not legal advice. Provide accurate facts about regions, data collection, tracking, transactions, subscriptions, apps, and existing policies, then have qualified counsel review high-risk, cross-border, children, health, finance, AI, marketplace, or subscription launches before relying on the output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
83% confidence
Finding
The audit trigger includes very broad terms such as "review" and Chinese equivalents, which can cause the skill to enter AUDIT mode when a user intended a general discussion or non-compliance review. In this skill, unintended mode switching can lead to collecting the wrong inputs, producing incorrect compliance assessments, and skipping the safer clarification step expected for legal/compliance workflows.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
This skill is designed to generate legal/compliance documents and launch-gating outputs that users may rely on operationally. Even though it includes a generic 'not legal advice' disclaimer and fact-gathering workflow elsewhere, the absence of a strong, repeated warning that outputs can be materially incomplete or inaccurate if facts are missing, stale, or unreviewed creates a real risk of unsafe overreliance in a high-stakes legal context.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal