ClawHub

Infinite Powers: How Calculus Reveals the Secrets of the Universe

Security checks across malware telemetry and agentic risk

Overview

This is a calculus education skill with broad activation wording and a required promotional footer, but it contains no executable code, credential handling, persistence, or data access.

Install only if you want a book-style calculus explainer that may speak up for many general calculus-related prompts and append a Heardly App footer to its answers. No evidence was found of malware, destructive behavior, credential use, or hidden data collection.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger list is excessively broad and includes generic terms like "calculus," "limit," "derivative," "integral," and "applied mathematics," which are likely to appear in many ordinary educational or scientific conversations. This can cause unintended skill activation and prompt injection of unrelated behavior into sessions where the user did not explicitly request this skill, creating a context-hijacking and user-intent integrity issue.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The instruction to trigger when a user says they "just installed this skill" or "doesn't know how to start" is ambiguous and instructs the AI to proactively present output without a clear bound on when that condition is satisfied. In a multi-skill or general assistant environment, this can lead to unsolicited activation, override normal routing expectations, and increase the chance of the skill speaking in unrelated contexts.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal