Security audit

Usable Stability Loop · The 99/80 Loop

Security checks across malware telemetry and agentic risk

Overview

This is a lightweight planning guide for simpler, stable delivery. It does not request code execution, credentials, data access, persistence, or external actions.

Install this if you want agents to favor practical, usable, stable first versions over speculative polish. Do not rely on it for work where completeness, formal assurance, security review, compliance, or exhaustive edge-case handling matters, because its main effect is to encourage narrower scope and earlier stopping.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium · 90% confidence
Finding
The manifest description is extremely broad and includes generic phrases like fast development, efficient deployment, and continuous evolution that could cause the skill to activate for many unrelated software requests. Over-broad activation can inappropriately steer agent behavior, overriding more specific instructions and causing systematic under-scoping or premature shipping recommendations in contexts where they are unsafe.

Vague Triggers

Medium · 94% confidence
Finding
The invocation guidance uses open-ended trigger phrases and says 'then follow this skill,' which encourages automatic activation based on loose linguistic matches rather than clear scope checks. This is dangerous because common statements about speed or avoiding over-engineering could trigger the skill in inappropriate domains, leading the agent to defer necessary rigor, edge-case handling, or assurance work.

VirusTotal

62/62 vendors flagged this skill as clean.
