ClawHub

AI Lead Generation & Prospect Finder

Security checks across malware telemetry and agentic risk

Overview

This is a text-only B2B prospecting helper with no installer, executable code, credential use, scraping, or automatic outreach behavior.

Install this only for explicit B2B prospecting work. Verify any contact data yourself, respect LinkedIn and data-provider terms, and make sure outreach complies with GDPR, CCPA, CAN-SPAM, opt-out, and data-minimization requirements.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The skill's top-level trigger metadata is broad enough to activate on casual phrases like 'help me find customers' or 'who should I be selling to,' which can cause unintended invocation outside clearly scoped B2B prospecting workflows. Over-broad auto-triggering can steer users into lead-generation behavior when they may have intended general advice, increasing the risk of irrelevant, privacy-sensitive, or policy-adjacent outputs.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The 'When to Trigger This Skill' section uses high-level phrases like 'I need a pipeline' and 'help me fill my funnel' without boundaries or disambiguation, making accidental activation likely. In a sales-and-marketing skill that can generate targeting guidance and prospecting workflows, ambiguous triggering increases the chance of inappropriate use in contexts involving sensitive targeting, spammy outreach, or requests the user did not intend as lead-generation tasks.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The skill is designed to trigger on a very broad set of common sales and customer-discovery phrases, which can cause over-activation in contexts where the user did not explicitly request lead-generation behavior. That creates a prompt-routing risk: the system may steer ordinary business questions into aggressive prospecting workflows, causing unintended data collection, targeting, or outreach recommendations without clear user intent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal