ClawHub

Auto Glass Repair Marketing Kit

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only marketing prompt kit with no code execution or hidden data access, but users should verify its legal and location-specific claims before publishing generated ads.

Install is reasonable if you want auto-glass marketing templates, especially for Nevada-oriented shops. Before using generated copy publicly, replace any hard-coded Nevada or Las Vegas references, confirm local licensing and insurance rules with qualified counsel, and review deductible or coverage statements against the customer’s actual policy and jurisdiction.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The prompt’s own hard block forbids deductible-absorption style claims and requires policy verification, but the example email reintroduces a coverage assertion phrased as 'no deductible' for repairs. In a marketing-generation skill, contradictory embedded examples are dangerous because downstream users or models may copy the prohibited language verbatim, creating deceptive or noncompliant advertising and legal exposure.

Natural-Language Policy Violations

Medium
Confidence
79% confidence
Finding
The skill hard-codes Nevada legal and licensing rules into a generic campaign generator without an explicit Nevada-only scope check. In context, this can produce legally incorrect compliance language for other states or locales, causing misleading ads, omitted required disclosures, or false legal claims that businesses may publish unchanged.

Natural-Language Policy Violations

Medium
Confidence
81% confidence
Finding
The prompt hard-codes 'Las Vegas' in seasonal ad copy despite the skill otherwise using variable city placeholders. This can cause geographically inaccurate or misleading output, potentially exposing operators to reputational harm, bad ad performance, and accidental publication of false local claims when reused for businesses outside that market.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal