ClawHub

Pans Pricing Engine

Security checks across malware telemetry and agentic risk

Overview

This is a local GPU pricing calculator with no hidden access or unsafe behavior found; its main caveat is a broad trigger phrase.

Safe to install from a security perspective. Review the hardcoded GPU prices and discount rules before using the quotes commercially, and be aware that the generic trigger phrase may activate this skill for non-GPU quote requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The English trigger phrase "quote generator" is highly ambiguous and can match many unrelated tasks, from sales quoting to document generation, without constraining the domain to AI compute contracts. This ambiguity can lead to accidental invocation, incorrect tool selection, and user confusion when the skill responds in contexts it was not designed for.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The English trigger phrase "quote generator" is highly ambiguous and can match many unrelated tasks, from sales quoting to document generation, without constraining the domain to AI compute contracts. This ambiguity can lead to accidental invocation, incorrect tool selection, and user confusion when the skill responds in contexts it was not designed for.

Vague Triggers

Low
Confidence
84% confidence
Finding
The repeated trigger list remains under-specified because it enumerates keywords but provides no negative examples or exclusion criteria, making activation boundaries unclear. In an agent environment, unclear routing rules can cause unnecessary skill invocation and lower trust in outputs, though the direct security impact here is limited because the skill is only a pricing calculator.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal