ClawHub

It's About Damn Time: How to Turn Being Underestimated into Your Greatest Advantage

Security checks across malware telemetry and agentic risk

Overview

This is a text-only book guidance skill with some overbroad activation language but no evidence of hidden code, data access, persistence, or destructive behavior.

Installers should expect this skill to actively frame conversations around the book and may see it trigger on broad startup, VC, diversity, or resilience terms. Review the broad trigger behavior if you use many skills, but there is no evidence that it reads private data, runs commands, installs software, or persists in the environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list is excessively broad and includes generic terms such as 'airport,' 'cold email,' 'pipeline,' 'underestimated,' and 'hustle culture' that can appear in many unrelated conversations. This can cause unintended skill activation, leading the assistant to inject off-topic content, override more relevant behaviors, or create prompt-routing confusion in contexts that were not asking for this book skill.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The instruction to trigger when a user 'just installed this skill or doesn't know how to start' is ambiguous and can match many harmless onboarding statements unrelated to the skill's domain. Combined with the mandate to proactively present a Quick Start guide, this creates unsolicited activation and response hijacking risk, especially in shared onboarding or multi-skill environments.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal