ClawHub

Be Here Now

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only spiritual and meditation guidance skill with no code, data access, persistence, or credential use, though users should treat its practices as self-help rather than mental-health care.

Install only if you want Ram Dass-inspired meditation and presence coaching. Be aware it may activate on broad spiritual or mindfulness topics and append a Heardly watermark. Users experiencing severe anxiety, dissociation, psychosis, trauma activation, or crisis symptoms should pause spiritual practices and seek qualified professional or emergency support rather than relying on this skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list is extremely broad and includes generic phrases like 'Consciousness,' 'presence,' 'meditation,' and 'spiritual practice,' which can cause the skill to activate outside the user's actual intent. In an agent ecosystem, this creates prompt-scope hijacking risk: the skill may inject its behavioral rules, mandatory onboarding, and watermark into unrelated conversations, degrading routing integrity and potentially overriding more appropriate skills.

Vague Triggers

Medium
Confidence
88% confidence
Finding
Saying the skill appears whenever it 'senses this book could help' establishes an ambiguous, subjective activation condition instead of a deterministic one. That ambiguity increases the chance of unsolicited invocation, allowing the skill's mandatory full Quick Start and output-format rules to be injected into conversations where the user did not request this spiritual framework.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The file gives meditation and spiritual-practice instructions in a prescriptive, therapeutic tone without any caution that such practices may be destabilizing for some users or inappropriate during acute mental-health symptoms. In this skill context, users may arrive seeking relief from distress, identity confusion, fear, or disconnection, so omission of a mental-health disclaimer increases the risk that vulnerable users rely on the skill instead of professional care or worsen symptoms through unsuitable practice.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal