ClawHub
Back to skill

Security audit

Munger Think Partner

Security checks across malware telemetry and agentic risk

Overview

This is a text-only decision framework skill with no code execution or data access, but users should treat its investment and career guidance as informational only.

Install only if you want a Munger-style decision checklist to appear in broad decision-making conversations. Do not treat its outputs as professional financial, investment, legal, or career advice, and independently verify factual claims and high-impact recommendations before acting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The activation phrases are very broad, everyday prompts about decisions, risk, jobs, and mistakes, so the skill may trigger in many unrelated conversations where the user did not explicitly ask for a Munger-style framework. In this skill’s context, that increases the chance of unsolicited investment or career guidance being injected into normal chats, which can mislead users or override more appropriate assistant behavior.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill provides investment analysis, business decision support, risk management, and career-choice guidance but does not warn users that outputs are informational and not professional financial or career advice. In this context, the absence of a disclaimer is more dangerous because the skill presents structured, authoritative recommendations that users may reasonably treat as expert advice, potentially leading to harmful real-world financial or employment decisions.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.