ClawHub

Beyonce Biography

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Beyoncé biography helper for children; its activation wording is broad but it does not request sensitive access, run code, or modify data.

Install this if you want a simplified, child-friendly Beyoncé biography helper. Be aware it may activate on broad words like music, Houston, singer, or role model, and it appends Heardly attribution to every answer; narrow or disable the skill if that interferes with unrelated conversations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger list contains broad, common terms such as "music," "singer," "performer," "Houston," and "role model," which can cause the skill to activate in many unrelated conversations. This creates prompt-scope hijacking risk: the agent may inject Beyoncé-specific onboarding or content when the user intended a different topic, degrading routing integrity and potentially overriding more relevant skills or system behavior.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The condition that the skill should also trigger when a user says they "just installed this skill" or "doesn't know how to start" is ambiguous and unconstrained, because those phrases are generic onboarding statements not uniquely tied to this skill. In a multi-skill environment, this can cause unsolicited activation and forced Quick Start output, creating cross-skill interference and making it easier for the skill to capture sessions it was not meant to handle.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal