ClawHub

AI Product Launch — GTM Strategy & Product Hunt #1 Playbook

Security checks across malware telemetry and agentic risk

Overview

This is mostly a launch-marketing playbook, but it includes account-purchase resources and agent-managed outreach guidance that could lead to platform-abuse or reputation risk.

Install only if you are comfortable treating this as a human-reviewed marketing playbook, not an autonomous campaign operator. Do not use the account-purchase resources, and require manual approval for any public post, DM, Product Hunt request, Reddit activity, analytics deployment, or third-party tracking setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The file explicitly warns against automated bulk DM because it can violate platform terms, yet later recommends services for purchasing Google, Facebook, and Twitter/X accounts. That contradiction materially increases abuse potential by enabling ban evasion, fake persona creation, and coordinated inauthentic behavior for outreach or manipulation, especially in a launch-marketing skill where account reputation and reach matter.

Missing User Warnings

Low
Confidence
85% confidence
Finding
The README explicitly promotes installing the playbook as an AI-agent skill and states the agent can help execute go-to-market strategies, generate content, and manage campaigns, but it does not warn users that agent-driven outreach, posting, or campaign actions may affect third-party accounts, brand reputation, or platform compliance. In a marketing automation context, this omission can lead users to over-trust autonomous actions and unintentionally perform spammy, non-compliant, or reputation-damaging operations.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger list contains broad marketing phrases such as "product launch," "Product Hunt," and especially "go global," which can match many ordinary user requests beyond this skill’s narrow purpose. In an agent environment, overbroad triggers can cause the skill to activate unexpectedly, hijack unrelated conversations, and steer users into canned launch-marketing guidance when another tool or skill would be more appropriate.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The tool list recommends short-link tracking and user-behavior analytics platforms without any privacy, consent, retention, or disclosure guidance. In a growth/launch context, operators may deploy UTM tracking, event analytics, and click monitoring across multiple channels in ways that collect personal data or behavioral profiles without appropriate notices or lawful basis, creating compliance and user-trust risk.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal