ClawHub

xquads-advisory-board

Security checks across malware telemetry and agentic risk

Overview

This is a business-advice prompt skill with broad advisory triggers but no code, data access, or authority to change systems.

Use this as a structured brainstorming aid for business decisions, not as authoritative investment, legal, hiring, or financial guidance. Because its triggers are broad, invoke it deliberately for advisory-board style analysis and have a responsible human review assumptions before acting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The skill description is very broad and lacks clear trigger boundaries, which increases the chance that ordinary user requests about business, culture, hiring, or strategy will invoke the skill unexpectedly. In agent systems, ambiguous activation criteria can cause over-broad routing, unintended disclosure of internal reasoning scaffolds, or execution of advice workflows outside the user’s intended context.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The example prompts are common conversational phrases like asking whether to accept an investment or how to scale a team, which are likely to overlap with normal user dialogue. This can make the skill trigger too eagerly in unrelated conversations, leading to misrouting, unexpected agent orchestration, or insertion of persona-driven advice when the user did not explicitly request this skill.

Vague Triggers

Medium
Confidence
93% confidence
Finding
Several task names are generic and underspecified, such as "diagnose", "review", and "convene-board", which increases the chance that an agent platform will match or invoke this skill in unintended contexts. Because this skill presents broad strategic advisory behavior across many domains, accidental invocation could route sensitive decision-making or business prompts into the wrong skill and produce misleading or overbroad guidance.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal