ClawHub

AI Cold Email & LinkedIn Outreach Generator

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only B2B outreach drafting skill with broad activation wording, but it does not send messages, access accounts, run code, or persist data.

Install only if you want help drafting B2B cold outreach. Confirm the skill is being used for sales/prospecting before relying on it, review every generated message before sending, verify any claims or statistics, and comply with CAN-SPAM, GDPR, CASL, and the relevant platform rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The frontmatter description instructs the system to trigger for virtually any outbound messaging or sales-prospecting phrasing, including casual requests. This can cause the skill to activate in situations where the user did not explicitly request sales outreach generation, leading to prompt hijacking of unrelated tasks or misrouting to behavior that facilitates unsolicited messaging.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The dedicated trigger section further expands activation conditions with a long, ambiguous list of phrases and product mentions, without defining exclusions or confidence thresholds. In an agent environment, this can produce unintended invocation on loosely related conversations, causing incorrect task routing, unnecessary collection of user data, or generation of outreach content the user did not ask for.

Vague Triggers

Low
Confidence
88% confidence
Finding
The manifest description uses expansive trigger language for outbound sales tasks without clear boundaries, which can cause the skill to activate in overly broad contexts. Overbroad invocation increases the chance that persuasive outreach-generation logic is applied where it is not intended, potentially leading to misuse, spam-enablement, or accidental handling of sensitive business communications.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal