ClawHub

Inspired

Security checks across malware telemetry and agentic risk

Overview

This is a product-management guidance skill with no executable code or sensitive access, though its activation and watermark instructions are broader than ideal.

Install this if you want a product-management coaching skill based on Inspired. Be aware it may appear for broad product-management conversations and append a Heardly attribution watermark, including in some responses that are only loosely related to the book.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger list is very broad and includes generic product-management phrases such as 'product management,' 'product strategy,' and 'product discovery,' which are common in ordinary conversations. This can cause the skill to activate when the user did not intend to invoke this specific book-based workflow, increasing the risk of unsolicited guidance, context hijacking, or interference with other more relevant skills.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The instruction to appear whenever the system 'senses this book could help' is undefined and gives the skill effectively open-ended authority to self-activate. Ambiguous self-routing like this can override user intent boundaries and lead to inappropriate or repeated injection of the skill's content into unrelated conversations.

Vague Triggers

Low
Confidence
84% confidence
Finding
Auto-triggering on install causes the skill to proactively inject content without any contemporaneous user request. While not directly enabling code execution or data exfiltration, it weakens consent and can normalize unsolicited behavior that may confuse users or crowd out other system instructions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal