AI Control Protocol (Standard: On-Demand Reasoning)

Security checks across malware telemetry and agentic risk

Overview

This skill only changes the assistant’s response style for reasoning tasks and does not run code, access data, or request credentials.

Install this only if you want a more rigid assistant that challenges assumptions, labels uncertainty, and adds audit-style reasoning to analytical answers. Avoid it for tasks needing exact formatting, a warm conversational tone, minimal intervention, or predictable localization.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The manifest contains conflicting descriptions: one says the skill is an on-demand reasoning partner activated only when requested, while another describes a broader cognitive control protocol. This ambiguity can cause an orchestrator or user to misunderstand when the skill should activate and what behavior it will impose, increasing the chance of unintended instruction takeover or policy-shaping during normal interactions.

Vague Triggers

Medium
Confidence: 97%
Finding
The analytical-mode trigger is defined so broadly that it captures strategy, analysis, opinion, mixed tasks, and requests for explanation, which overlaps with a large fraction of ordinary user prompts. In practice, this makes the skill prone to activating its layered behavioral controls unexpectedly, allowing it to reshape outputs and override normal agent behavior far beyond a narrowly scoped on-demand tool.

Vague Triggers

Medium
Confidence: 93%
Finding
The phrase 'Activated only when requested' is too ambiguous to enforce safely because it does not define what counts as a request. This can be interpreted loosely by routing logic or the model itself, enabling accidental activation and expanding the skill's influence over unrelated conversations.

VirusTotal

64/64 vendors flagged this skill as clean.