ClawHub

Local Business Pack

Security checks across malware telemetry and agentic risk

Overview

This is a plain-text local business messaging skill with no executable code, but healthcare users should add privacy and consent safeguards before using its templates.

Reasonable to install for general local-business drafting. For dental, medical, or other regulated businesses, review and adjust templates before use: avoid treatment-specific details in ordinary SMS/email, verify recipients, honor opt-outs, and use only compliant, consented communication channels.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The dental/medical templates encourage sending health-related follow-up messages by SMS/email and reference a recent visit and service, which can expose protected health information or sensitive treatment context if sent without explicit consent and compliant workflows. In a healthcare context, even seemingly mild reminders can create privacy, regulatory, and trust risks when messages are delivered over insecure channels or to shared/mistyped contact methods.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The dental/medical reactivation templates encourage use of customer names and last-service information in outreach without any guidance about consent, minimum-necessary data use, or applicable health-privacy rules. In a healthcare context, even seemingly routine reminders can expose sensitive treatment relationships or protected health information if sent insecurely, to the wrong recipient, or without proper authorization.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal