ClawHub

Outlaw Platoon: Heroes, Renegades, Infidels, and the Brotherhood of War in Afghanistan

Security checks across malware telemetry and agentic risk

Overview

This is a text-only companion skill for a war memoir, with no hidden code or data access, though its activation language is broader than ideal.

Install only if you want a strongly branded Outlaw Platoon reading and leadership guide. Expect graphic combat themes and occasional over-eager activation on broad Afghanistan or military terms; there is no evidence of code execution, credential use, persistence, or data exfiltration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger list is unusually broad and includes generic phrases such as asking about Afghanistan, combat, or leadership, plus many keyword mentions. This can cause the skill to activate in conversations where the user did not intend to invoke this content, creating prompt-scope confusion and increasing the chance the skill overrides the assistant’s normal routing and response behavior.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill instructs the AI to proactively present a Quick Start when the user says they just installed the skill or does not know how to start, without a precise invocation boundary. That ambiguity can lead to unsolicited behavior or the skill taking over responses outside a clearly authorized activation event, which is a form of overreach in agent behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal