ClawHub

Lean In

Security checks across malware telemetry and agentic risk

Overview

This is a text-only career-advice skill with disclosed onboarding and branding, but no code, credential access, persistence, or hidden data handling.

Install only if you want proactive Lean In-style career coaching and are comfortable with a branded watermark on responses. Treat the gender and workplace advice as one framework, not a universal rule, and adapt it to your own role, culture, and circumstances.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger list includes broad workplace and career phrases that can match many ordinary conversations, increasing the chance this skill is invoked when the user did not explicitly request it. Because the skill is configured to also trigger on install and proactively present onboarding, unintended activation can inject unsolicited guidance and override user intent in unrelated contexts.

Vague Triggers

Low
Confidence
76% confidence
Finding
The suggested invocation "Map this book to my life" is highly open-ended and can encourage the skill to take over broad personal or professional discussions without clear scoping. In this skill's context, that mainly risks over-triggering and irrelevant guidance rather than direct security compromise, but it still weakens intent precision.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The file presents broad behavioral generalizations by gender as factual guidance and does not qualify them as context-specific, research-contested, or optional framing. In a workplace advice skill, this can reinforce stereotypes, alienate users who do not identify with the framing, and produce biased or exclusionary guidance when surfaced directly to end users.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal