gstack CEO Review

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only plan-review skill, but it tells the agent to persist review summaries that may contain sensitive project details without asking the user first.

Install only if you are comfortable with the agent saving CEO review summaries for later use. Avoid using it on confidential roadmaps, unreleased architecture, security issues, or customer data unless you can disable or review the memory-writing behavior. The skill is not executable malware, but its default persistence deserves explicit user review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium, 95% confidence
Finding
The skill claims it only reviews plans and makes no code changes, yet it also instructs saving the review summary to `memory/`, which is a persistent side effect. This mismatch can mislead users and operators about what the skill actually does, and may cause unreviewed retention of project details that were only intended for transient analysis.

Vague Triggers

Medium, 90% confidence
Finding
The trigger description uses broad, everyday phrases like 'review a plan,' 'challenge this,' 'poke holes,' and 'think bigger,' which increases the chance of accidental invocation in unrelated conversations. Unintended activation can inject strong behavioral constraints into normal user interactions and may also trigger the memory-persistence behavior on content the user did not intend to process with this skill.

Missing User Warnings

Medium, 97% confidence
Finding
The instruction to save a summary to `memory/` introduces persistent storage without warning the user that their plan contents, critiques, or sensitive project details may be retained. Silent persistence is risky because users may share confidential roadmap, architecture, or business information under the assumption that the interaction is ephemeral.

Ssd 3

Medium, 96% confidence
Finding
Persisting CEO review summaries can retain sensitive user-provided information such as internal architecture, strategic plans, product gaps, and security concerns, which may later be surfaced out of context or to unintended parties. In this skill's context, the reviewed material is likely to be especially sensitive because it concerns roadmap, implementation alternatives, and threat modeling.

VirusTotal

VirusTotal findings are pending for this skill version.
