ClawHub

Content Adaptation

Security checks across malware telemetry and agentic risk

Overview

This is a simple text-only content adaptation skill with some overly broad business wording but no code, install scripts, persistence, credential access, or hidden behavior.

Safe to install for content rewriting and planning tasks. Use it only for content adaptation, and avoid pasting secrets, credentials, customer records, personal data, contracts, regulated information, or confidential business data unless you are authorized and have minimized or redacted it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The manifest advertises a narrow content-adaptation skill, but the body expands into generic business operations, strategic decision support, process automation, and performance monitoring. This scope mismatch can cause an agent to invoke the skill in contexts far beyond content transformation, increasing the chance of inappropriate delegation, unsafe reliance, or unintended handling of sensitive business data.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The top-level description is broad enough that an orchestrating agent could select this skill for loosely related business tasks rather than only for rewriting/adapting content. Overbroad routing guidance is dangerous because it increases accidental invocation and can expose unrelated inputs or decision-making workflows to a skill that was not designed or reviewed for them.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The listed use cases are generic business functions rather than safe activation criteria for a content-adaptation skill. In an agentic environment, such broad use cases can bias tool selection toward inappropriate scenarios, causing the skill to be used as a general business advisor and increasing the risk of poor decisions, scope creep, and unnecessary data exposure.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal