ClawHub

Expecting Better

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent pregnancy-information skill, but it gives actionable and sometimes contested medical guidance without strong upfront safeguards.

Review carefully before installing in any user-facing health or pregnancy product. If used, wrap it with prominent medical disclaimers, current-source checks, clinician-referral rules, urgent-symptom triage, and restrictions against giving personalized medical decisions based only on this skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The skill hard-codes English as the default when ambiguity exists, which can cause the agent to respond in a language the user may not understand. In a health-related context, even a usability flaw can become a safety issue because misunderstood pregnancy guidance may lead to incorrect decisions or reduced access to care information.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill presents pregnancy and medical risk guidance near the top without a prominent upfront disclaimer that outputs are informational only and not medical advice. Because users may treat authoritative, data-driven health content as personalized clinical guidance, this increases the risk of unsafe self-management, especially where the skill includes controversial recommendations that may diverge from current medical consensus.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The intent names and mappings are broad enough to let the skill activate on general pregnancy-risk or safety questions without clear scope limits, exclusions, or routing safeguards. In a health-related skill, overly broad triggers can cause the agent to provide pregnancy guidance in situations that may require clinician-directed advice, emergency escalation, or more narrowly qualified decision support.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This document provides detailed health-related decision-making guidance about pregnancy, fertility, miscarriage, alcohol, listeria, and prenatal testing, and it presents concrete risk figures that a user could act on. Although the final paragraph says the goal is not to replace a doctor, it does not clearly function as an upfront medical disclaimer or direct users to seek professional care before making decisions, so readers may over-rely on the content as actionable medical advice.

Missing User Warnings

High
Confidence
97% confidence
Finding
The file gives affirmative pregnancy alcohol guidance such as '1 drink per day in second/third trimester: no evidence of harm' and frames abstinence guidance as overly conservative, but it does not prominently warn that this is contested medical information and not individualized medical advice. In a reference skill likely used to answer user health questions, this can encourage pregnant users to consume alcohol based on incomplete or non-clinical context, creating risk of fetal harm and unsafe medical decision-making.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The sushi/food section recommends continuing sushi consumption and minimizing concern about deli meats and similar foods without an upfront clinical caution, despite pregnancy-specific susceptibility to food-borne illness and mercury exposure. In a pregnancy advice context, users may interpret this as operational permission to engage in behaviors that depend heavily on sourcing, preparation, local advisories, and personal medical status, which are not captured here.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This reference gives actionable prenatal advice and interprets symptoms like nausea as reassuring without clearly warning that the material is educational and not a substitute for individualized medical care. In a pregnancy context, users may rely on generalized statements despite contraindications, high-risk conditions, or red-flag symptoms, which could delay appropriate evaluation or lead to unsafe self-management.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This reference gives direct, actionable medical decision guidance about epidurals and induction without clearly stating that it is educational material and not a substitute for individualized medical advice. In a pregnancy and labor context, readers may over-rely on generalized statements and make care decisions without consulting a qualified clinician, increasing the chance of unsafe choices for mother or baby.

Missing User Warnings

High
Confidence
99% confidence
Finding
The home birth section presents comparative risk figures and concludes that home birth can be a reasonable option for some women, but it does not prominently require individualized clinical evaluation before readers use the information to choose a birth setting. Because home birth safety depends on specific factors like prior C-section, fetal presentation, gestational age, distance to hospital, and emergency transfer capability, generalized guidance here could lead users to underestimate serious neonatal or maternal risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This document provides detailed medical risk estimates and prenatal testing decision frameworks without any explicit warning that it is educational information rather than personalized medical advice. Users may reasonably rely on the content for pregnancy-related decisions, and the text's authoritative tone and numerical specificity increase the chance of harmful self-directed decision-making without clinician input.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal