ClawHub
Back to skill

Security audit

Latticework

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed decision-analysis skill made of markdown guidance, with no code execution, credential access, persistence, or data-sending behavior found.

Installers should treat this as a decision-support skill: useful for structured analysis, but not a substitute for human judgment on high-impact business, financial, legal, or operational decisions. It does not appear to install code, access secrets, or modify systems.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The manifest says "Activate when" followed by several example phrases, but also includes broader condition-based language such as "a decision keeps surfacing objections from different stakeholders that don't overlap." This leaves trigger scope somewhat open-ended and may cause unintended invocation during ordinary strategy or analysis conversations without a precise boundary or explicit exhaustive trigger list.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
## Red Flags

- Only one discipline's vocabulary used throughout
- Stakeholder objections dismissed without checking if they represent another model's prediction
- Decision called "rigorous" because the single model was applied thoroughly
- Diverging data forced into the primary model instead of triggering a model-check
- The analysis cannot name its own blind spots
Confidence
75% confidence
Finding
without checking

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.