ClawHub

Competitive Intelligence

Security checks across malware telemetry and agentic risk

Overview

This is a simple instruction-only competitive research prompt with somewhat broad business wording, but it does not request system access, credentials, persistence, or automatic actions.

Install this only if you want a broad business research and competitive analysis prompt. Provide only the business information needed for the task, avoid unnecessary confidential data, and have qualified staff review strategic, compliance, financial, or operational recommendations before using them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill documentation materially expands the advertised scope from competitive intelligence into broad market research, business operations optimization, process automation, and compliance support. This scope drift can cause an agent or user to rely on the skill for decisions and actions outside its declared purpose, weakening guardrails, increasing misuse risk, and enabling higher-impact outputs than expected.

Description-Behavior Mismatch

Low
Confidence
87% confidence
Finding
Promising ready-to-use documents, scripts, or plans extends the skill beyond analysis/reporting into operational deliverables, which may prompt downstream execution or automation not covered by the skill's stated purpose. Even without explicit code execution, this increases the chance that users or orchestrators treat the skill as authorized to generate action artifacts with insufficient review.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal