ClawHub

Crossing The Chasm Marketing And Selling Disruptive Products To Mainstream Customers

Security checks across malware telemetry and agentic risk

Overview

This is a text-only business strategy reference skill with no executable behavior, credentials, persistence, or hidden data movement.

Safe to install as a business-book reference skill. Be explicit if you want responses in a non-English language, and avoid sharing confidential business details unless you are comfortable using them as conversation context for strategy advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The skill hard-codes a language preference ('Default to English when ambiguous') and mandates preserving specific English terms, which can override or bias the assistant away from the user's preferred language. This is a policy/UX control issue rather than code execution risk, but it can reduce accessibility, create user-confusion, and cause responses that do not align with user intent or locale expectations.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The file says Heardly 'reads your context' including traction stage, customer segments, sales process, and funding situation, but it provides no disclosure, consent boundary, or data-handling limitation. In a business advisory skill, that can lead users to reveal sensitive commercial information without understanding what is collected, retained, or shared, creating privacy and confidentiality risk even if no exfiltration mechanism is shown in this file.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal