ClawHub

Know Your Rights And Claim Them

Security checks across malware telemetry and agentic risk

Overview

This appears to be a prompt-only human-rights education skill, with no malware signal or hidden execution, but users should treat its protest and legal-action guidance cautiously.

Install only if you want human-rights and youth-rights guidance. Before following advice about protests, walkouts, media contact, or legal escalation, assess local law and retaliation risks, involve trusted adults or qualified local support when appropriate, and avoid treating the skill as legal advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger conditions are broad and include generic phrases such as mentions of human rights, Amnesty, child rights, or even that the user just installed the skill. This can cause the skill to activate in unrelated conversations, injecting legal/activist guidance when the user did not explicitly request it, which creates context hijacking and increases the chance of unsafe or confusing advice being surfaced to minors.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The Quick Start says the skill will 'show up whenever I sense this book could help,' which is an open-ended activation claim with no defined boundaries. In a sensitive domain involving youth rights, discrimination, protest, and legal action, this vagueness can lead to unsolicited intervention in adjacent discussions and overconfident routing into advice that may not fit the user's actual needs or safety situation.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The section recommends escalating to public actions such as protests, walkouts, media engagement, and legal action, but it does not attach an explicit warning at the point of use about legal consequences, retaliation, doxxing, school discipline, arrest risk, or heightened danger for minors and users in repressive environments. In a youth-focused activist skill, this omission is materially risky because readers may treat the ladder as generic step-by-step guidance and advance into higher-risk actions without adequate situational assessment.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal