ClawHub

Insurance Agent Digital Employee

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable insurance workflow guide that handles sensitive topics, but its data use is disclosed, purpose-aligned, and not backed by storage, network, or tool access.

Install only if you are comfortable using an insurance sales/service framework that may prompt for sensitive customer financial, identity, insurance, and health details. Users should avoid pasting unnecessary identifiers, raw medical records, account numbers, or full client files, and should follow applicable insurance, privacy, and compliance rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Ssd 4

Medium
Confidence
89% confidence
Finding
This section instructs the agent to build trust and collect detailed household, income, debt, existing coverage, and health information as part of a sales workflow. Even without tools or storage, prompting for extensive sensitive and health-related data increases privacy risk, may encourage overcollection, and can lead users to disclose regulated personal information without clear minimization, consent, or handling boundaries.

Ssd 4

Medium
Confidence
93% confidence
Finding
The end-to-end workflow normalizes progressive collection and reuse of sensitive customer information across profiling, needs analysis, health disclosure, application checks, and retention. In context, this creates a structured pipeline for aggregating financial, insurance, identity, and health data, which materially raises privacy, compliance, and social-engineering risk even if the file claims to be advisory-only.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal