Underwriting Expert Digital Employee

Security checks across malware telemetry and agentic risk

Overview

This is a tool-free advisory insurance-underwriting prompt, not executable software, though it covers sensitive customer, health, and outreach topics.

Install only as a reference aid. Do not connect it to telephony, messaging, transcription, or real customer health/insurance data workflows unless you add consent checks, privacy controls, auditability, and qualified human review outside the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

High (97% confidence)
Finding
The manifest and security notice explicitly frame the skill as advisory-only with no executable or operational behavior, yet the body claims capabilities like customer outreach by phone/message. This mismatch can mislead reviewers, policy gates, or downstream systems into granting trust to a skill whose documented behavior is more operational and sensitive than declared.

Description-Behavior Mismatch

Medium (89% confidence)
Finding
The file says there is no executable code, network behavior, or persistent operation, but later advertises full transcription and recording-inspection workflows that imply handling sensitive media and potentially external processing. Even without code present, this kind of capability misrepresentation can cause unsafe deployment assumptions around privacy, compliance, and tool access.

Intent-Code Divergence

High (98% confidence)
Finding
The security notice says there are no network calls, but the follow-up module states the skill supports calling customers and sending messages. That contradiction is dangerous because it obscures real-world contact and data-handling behavior in an insurance context involving personal and potentially regulated information.

Intent-Code Divergence

Medium (92% confidence)
Finding
Labeling the skill as educational-reference only while describing operational outreach and media-processing functions creates a trust-boundary failure. Users and integrators may rely on the safer label and overlook that the documented use cases involve acting on customers and analyzing sensitive recordings.

Vague Triggers

Medium (84% confidence)
Finding
The follow-up module includes generic trigger phrases such as '打电话' ("make a phone call"), '发消息' ("send a message"), and '客户跟进' ("customer follow-up"), which can match ordinary conversation and activate an insurance outreach workflow unexpectedly. In a customer-contact context, overbroad triggers raise the risk of unintended guidance, misuse of sensitive customer context, or accidental operational suggestions.

Vague Triggers

Medium (77% confidence)
Finding
The Health Verification module contains broad trigger terms like '核保' ("underwriting") and '风险评估' ("risk assessment"), which may overlap with general discussion and cause the skill to engage on sensitive underwriting analysis without clear user intent. In insurance underwriting, unintended activation is more dangerous because outputs can influence handling of health information and risk decisions.

VirusTotal

62/62 vendors flagged this skill as clean.
