ClawHub

On Grief and Grieving: Finding the Meaning of Grief Through the Five Stages of Loss

Security checks across malware telemetry and agentic risk

Overview

This is a text-only grief guidance skill with no executable code, but its broad activation terms and proactive onboarding may make it appear in sensitive conversations more often than users expect.

Install only if you want book-framed grief guidance to activate readily on grief, loss, crying, anger, depression, and related terms. For severe distress, crisis risk, or clinical mental-health needs, rely on qualified professional or crisis support rather than this skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

High
Confidence
96% confidence
Finding
The trigger list is extremely broad and includes common bereavement terms such as grief, loss, crying, anger, depression, and closure, which can cause the skill to activate during ordinary conversation without a clear request for this specific book-based guidance. In a grief-related context, misrouting is more concerning because users may be emotionally vulnerable and could receive unsolicited or mismatched advice when they intended general support or a different type of help.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The first-load behavior triggers when a user says they just installed the skill or does not know how to start, but the condition is ambiguous and may fire without a clear request to use this grief skill. That can lead to unsolicited proactive guidance, which is risky in sensitive bereavement conversations because it may interrupt the user's actual intent or inject a framework before consent is established.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal