ClawHub
Back to skill

Security audit

Leevar Entrepreneur Mindset

Security checks across malware telemetry and agentic risk

Overview

This is a text-only business strategy framework that may steer advice strongly, but it does not request code execution, credentials, data access, persistence, or privileged actions.

Install this only if you want a strongly opinionated Chinese-language entrepreneurial strategy lens. Treat its business and investment suggestions as brainstorming support, not as a substitute for financial, legal, hiring, or operational judgment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger description is very broad, listing many common business-related terms such as 战略, 项目, 团队, and 产品设计. In a multi-skill agent environment, this can cause unintended activation and override more specific skills, leading the agent to apply this rigid framework when the user did not request it. The risk is increased by the skill’s authoritative wording and broad applicability to many normal conversations.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The skill states that the framework must be enforced for any business problem and '不得绕过', which removes user choice and forces a single decision methodology. This can bias outputs, suppress alternative approaches, and make the agent less responsive to user preferences or safer competing instructions, especially when the framework is framed as mandatory rather than optional guidance.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.