ClawHub
Back to skill

Security audit

Geo Fix Content

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only content rewriting skill, with a real fact-checking caveat but no evidence of hidden execution, credential use, or malicious behavior.

Use this for content you are comfortable having analyzed from a URL or pasted text. Before publishing the rewritten output, verify every statistic, citation, benchmark, customer count, date, and softened-or-strengthened claim; keep uncertainty language where the evidence is actually uncertain. Do not grant crypto, purchase, account, or credential permissions to this skill unless a separate installer or package clearly justifies them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
This guidance explicitly frames confident, authoritative wording as preferable for citation and pairs that with claimed ranking benefits, creating pressure to strengthen claims regardless of evidentiary support. In a content-rewriting skill, that can systematically push users toward deceptive certainty, fabricated precision, or omission of legitimate caveats.

Natural-Language Policy Violations

High
Confidence
98% confidence
Finding
The replacement patterns instruct users to turn uncertain statements into definitive claims or quantified assertions without requiring a source, verification step, or user approval. That is dangerous because it operationalizes overclaiming as a rewrite tactic and can lead directly to false or misleading statements presented as facts.

Natural-Language Policy Violations

High
Confidence
99% confidence
Finding
Telling writers to replace phrases like 'data suggests' with 'data shows' upgrades the claimed strength of evidence and can materially misrepresent what the underlying data supports. In a skill designed to optimize content for AI citation, this is especially risky because it incentivizes misleading certainty at scale across user-generated materials.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.prompt_injection_instructions

Prompt-injection style instruction pattern detected.

Warn
Code
suspicious.prompt_injection_instructions
Location
SKILL.md:28