ClawHub

My Next Breath

Security checks across malware telemetry and agentic risk

Overview

This skill is a memoir-inspired trauma and recovery coach, but it is too willing to advise users in active medical, emergency, or mental-health crises without clear safety handoffs.

Review before installing. This skill does not appear to contain malware or hidden system access, and VirusTotal/static scans were clean, but it may give forceful advice in situations where a user should call emergency services, follow medical professionals, or seek mental-health support. Use it only as memoir-inspired reflection, not as crisis, medical, or psychological guidance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

High
Confidence
96% confidence
Finding
The trigger phrases are broad enough to activate on ordinary user disclosures about injury, crisis, trauma, or emotional distress, causing the skill to engage in high-stakes situations it is not qualified to handle. In this context, overbroad routing is dangerous because the skill presents executable crisis and recovery guidance that may displace safer default responses such as directing users to emergency, medical, or mental-health support.

Missing User Warnings

High
Confidence
99% confidence
Finding
The skill provides crisis-response, injury-survival, and recovery advice but does not warn that it is not emergency, medical, or mental-health guidance. That omission is especially dangerous because the content is framed as an 'executable toolkit' and includes imperative advice for users in acute danger or severe pain, which can create harmful reliance during emergencies.

Natural-Language Policy Violations

Medium
Confidence
94% confidence
Finding
The file includes a direct violent statement: "I want to shoot that kind of perky person." Even though it appears as a quoted expression about rejecting toxic positivity rather than an operational threat, it still normalizes violence toward a class of people and could be surfaced verbatim by the skill in a mental-health-adjacent trauma context. In this context, users may be distressed or in crisis, which makes reproducing hostile violent language more risky than in a neutral literary analysis setting.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The file gives direct crisis-response and injury-assessment guidance such as 'stop computing,' 'commit,' and self-prioritizing medical threats without any warning to contact emergency services or defer to trained responders. In the context of a skill explicitly triggered by users in danger, severe trauma, or painful recovery, this can cause users to rely on memoir-derived advice instead of urgent professional medical or emergency guidance, increasing the risk of serious injury or death.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal