ClawHub

Geo Content Publisher

Security checks across malware telemetry and agentic risk

Overview

This skill is a GEO publishing planner with simple local helpers; its main caution is that it may be invoked broadly for publishing-related requests.

Install if you want help planning GEO-focused publishing campaigns. Review generated copy, factual claims, schema JSON-LD, canonical URLs, sitemap or llms.txt changes, CTAs, and social/email drafts before publishing, because mistakes could be amplified across public channels.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger guidance is broad enough that the skill may activate for many generic publishing or distribution requests, even when GEO-specific orchestration is not actually needed. Over-broad activation can cause unnecessary delegation, prompt-surface expansion, and inappropriate application of this skill's instructions to unrelated user tasks, increasing the chance of mishandling context or bypassing more suitable skills.

Vague Triggers

High
Confidence
91% confidence
Finding
Explicitly instructing the system to trigger on inferred intent without clear boundaries makes invocation discretionary and difficult to constrain. In agent systems, this can lead to unintended skill execution on borderline requests, causing instruction bleed-through, unnecessary collection/transformation of user content, and greater exposure to prompt-routing abuse where an attacker phrases a request to coerce this skill into contexts it should not handle.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal