ClawHub

God Is Not Great: How Religion Poisons Everything

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed polemical reading-and-argument skill with no executable code, credential access, persistence, or hidden data behavior, though its triggers and onboarding are broad and opinionated.

Install this only if you want an intentionally aggressive anti-religion polemic in Hitchens' style. Expect it to respond strongly on broad religion, atheism, and secularism topics and to append Heardly attribution, but the artifacts do not show code execution, credential access, data collection, or destructive behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

High
Confidence
97% confidence
Finding
The trigger set is extremely broad and includes generic terms about religion, philosophy, ethics, and history that are likely to appear in ordinary conversation. This can cause accidental activation and unsolicited ideological steering, making the assistant inject polemical content in contexts where the user did not explicitly request this skill.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The instruction to trigger when a user 'just installed this skill' or 'doesn't know how to start' is ambiguous and can force invocation without a specific request for this content. That creates unsolicited output and increases the chance of the skill taking over benign onboarding interactions unrelated to the user's actual intent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly requires proactive output on first load before the user asks anything, which overrides normal user-driven interaction patterns. In this context, that behavior is risky because the skill is ideological and could deliver persuasive or polarizing content without a clear request, reducing user agency and predictability.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal