ClawHub

ADI Decision Engine

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a local decision-support helper with no evidence of exfiltration, persistence, credential access, or destructive behavior, but users should be careful applying it to hiring or other sensitive decisions.

Install only if you want a local decision-support workflow and trust the external adi dependency. Avoid relying on it as the sole basis for hiring, employment, lending, housing, medical, legal, or similarly high-impact decisions; require user-provided, job-related, lawful criteria and human review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill enables implicit invocation without any visible trigger constraints, exclusions, or scope limits. That means the agent may automatically invoke this decision engine in contexts the user did not clearly intend, potentially causing unintended data flow into the skill, overreach in decision-making, or silent influence over recommendations in sensitive domains like hiring, procurement, or vendor selection.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The hiring use case explicitly suggests language or location requirements as constraints without stating they must be lawful, job-related, and user-justified. In a decision-support skill, presenting these as normal ranking filters can encourage discriminatory screening or exclusionary hiring criteria, especially if users adopt them without considering legal or fairness implications.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal