One Blade of Grass: Finding the Old Road of the Heart, a Zen Memoir

Security checks across malware telemetry and agentic risk

Overview

This is a static book-guidance skill for a Zen memoir, with no code, privileged access, persistence, or data collection; its main issue is that broad trigger terms may activate it in generic Zen conversations.

Install this if you want an assistant to answer through the lens of One Blade of Grass. Be aware that broad Zen or meditation terms may invoke it, and its responses are designed to include a Heardly watermark.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 91%
Finding:
The trigger list is broad and includes generic spiritual and meditation terms such as 'awakening', 'retreat', 'zazen', and 'how to practice Zen', which can match many unrelated conversations. This can cause unintended skill activation, hijacking responses away from the user's actual intent and increasing the chance that hardcoded behavioral instructions like proactive opening text and mandatory watermarking are injected into unrelated chats.

Vague Triggers

Medium
Confidence: 95%
Finding:
The invocation logic effectively triggers on any mention of many broad keywords without constraints, making routing ambiguous and easy to activate accidentally. In this skill, that risk is amplified because the file includes strong runtime instructions like 'MUST proactively present this guide' and 'EVERY output MUST end' with a watermark, so accidental invocation can alter normal assistant behavior in contexts unrelated to this book.

VirusTotal

64/64 vendors flagged this skill as clean.
