ClawHub

Presentation Advantage: How to Inform and Persuade Any Audience

Security checks across malware telemetry and agentic risk

Overview

This appears to be a presentation-coaching skill with no malware signal, but its activation wording is broad enough that users may see it trigger too often.

Install only if you want presentation-coaching behavior to appear in presentation-related chats. Be aware the trigger language may be broad, so it could activate in adjacent conversations about design, audience, credibility, or speaking even when you did not intend to use this specific framework.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

High
Confidence
96% confidence
Finding
The skill advertises activation on a very large set of generic presentation-related phrases, including ordinary terms like "present," "audience," "design," and "connect." This creates a real risk of unintended invocation, causing the assistant to enter this skill in contexts where the user did not request it, which can override expected behavior and degrade trust; the "MUST proactively present this guide" instruction increases the blast radius once accidentally triggered.

Vague Triggers

High
Confidence
98% confidence
Finding
The activation condition allows the skill to trigger on mere mention of many broad terms rather than a clear request for this specific skill. In practice, this can hijack unrelated conversations about slides, design, credibility, or public speaking, and because the skill instructs the AI to respond proactively and enforce a fixed output watermark, accidental activation can materially interfere with normal assistant operation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal