ClawHub

Eat What You Kill

Security checks across malware telemetry and agentic risk

Overview

This is a text-only sales coaching skill with some overly broad activation and promotional wording, but no evidence of unsafe code, data access, persistence, or hidden behavior.

Install this only if you want a direct, aggressive sales-coaching voice and are comfortable with branded Heardly watermarks and occasional cross-book recommendations. Be aware the trigger wording is broad, so you may need to explicitly redirect the assistant if it applies the skill outside a sales or book-related context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger condition 'Also triggers when the user says they just installed this skill or doesn't know how to start' is overly broad and can activate in many unrelated conversations. In practice, this can cause the skill to inappropriately inject sales-oriented guidance into contexts where the user did not intend to invoke it, increasing the chance of misrouting, confusion, and unintended prompt influence.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The onboarding text states the skill will appear 'whenever I sense this book could help,' which defines activation subjectively rather than through clear user intent. That ambiguity makes the skill more likely to activate opportunistically in loosely related discussions, creating prompt-scope creep and reducing the user's control over when this skill influences the assistant's behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal