ClawHub

Go Like Hell

Security checks across malware telemetry and agentic risk

Overview

This is a text-only leadership guidance skill based on Go Like Hell, with some broad activation and branding instructions but no hidden code, data access, or destructive behavior.

Install only if you want a branded Heardly-style leadership framework that may activate on broad rivalry, pressure, culture, or hiring questions. It appears safe from a security perspective, but its mandatory watermark and proactive quick-start behavior may be intrusive in conversations where you did not intend to use this book-specific framing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill explicitly triggers not only on domain-specific phrases but also when a user says they just installed the skill or does not know how to start. Those onboarding phrases are generic and can cause unsolicited invocation in unrelated conversations, increasing the chance the assistant injects this skill's framing and required output format where it is not contextually appropriate.

Vague Triggers

Medium
Confidence
90% confidence
Finding
Several trigger phrases use broad everyday business language like culture clash, fear of failure, pressure, and hiring talent, which are common across many unrelated user requests. This can lead to over-triggering, causing the assistant to apply a book-specific framework and mandatory watermark to conversations that did not ask for it, degrading reliability and potentially overriding more suitable skills or system behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal