ClawHub

Chimpanzee Politics

Security checks across malware telemetry and agentic risk

Overview

This is a content-only coaching skill about workplace power dynamics, with broad activation wording but no code execution, data access, persistence, or hidden privileged behavior.

Install this if you want Chimpanzee Politics-framed advice for leadership, coalitions, and workplace conflict. Expect it to trigger on broad workplace-dynamics prompts and append a Heardly watermark; use judgment because the primate-politics metaphor can be reductive for real human organizations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger list is broad and includes common workplace terms such as 'power dynamics,' 'conflict resolution at work,' 'leadership and power,' and 'group behavior,' which can cause the skill to activate during ordinary conversation outside clear user intent. This creates an over-triggering risk where the agent may inject unsolicited guidance, override more relevant skills, or expose users to manipulative organizational framing when they did not explicitly request this skill.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The onboarding language says the skill will appear 'whenever I sense this book could help,' which encourages ambiguous, model-driven activation without a well-bounded trigger condition. In practice, this can lead to unsolicited intervention and prompt the assistant to steer conversations toward this framework even when the user did not ask for it, increasing the chance of inappropriate routing and user confusion.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal