ClawHub

Incident Report Generator

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only incident report template that collects user-provided outage details and does not include code, installs, credential access, or hidden automation.

Use this for drafting incident reports from information you intentionally provide. Avoid entering secrets, credentials, or unnecessary personal data, and treat Feishu sending or file export as separate actions that should only happen after you explicitly approve them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger conditions are very broad generic incident-report phrases without boundaries, examples, or disambiguation logic, so the skill may activate for many unrelated user requests that merely mention outages or reports. This can cause unintended workflow hijacking, where the agent starts collecting structured incident data or steering output into this template even when the user wanted analysis, troubleshooting, translation, or another task.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger conditions are broad, generic incident-related phrases that can easily appear in ordinary conversation, which raises the risk of unintended skill activation. When a skill activates too eagerly, it can hijack a normal support or discussion flow, push the user into a rigid data-collection workflow, and potentially encourage sharing of sensitive operational details unnecessarily.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal