ClawHub

Starting Strength

Security checks across malware telemetry and agentic risk

Overview

This is a coherent barbell-training reference skill with no executable behavior, though users should treat it as educational fitness guidance rather than medical or in-person coaching advice.

Install only if you want Starting Strength-style barbell guidance. Expect a direct, opinionated coaching voice and broad fitness triggers. Use light weights, stop for pain, and consult a qualified coach or medical professional for injuries, medical conditions, dizziness, neurological symptoms, or persistent discomfort.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger list is broad enough to match generic fitness terms like "squat," "deadlift," "lifting," and "fitness," which can cause the skill to activate in ordinary conversations where the user did not ask for this content. Over-broad invocation is risky because it can inject authoritative training or injury-related advice into unrelated contexts, increasing the chance of misleading or unwanted guidance.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The statement that the skill will appear whenever it "senses this book could help" creates ambiguous, discretionary invocation behavior with no clear boundary. That increases the chance of unsolicited intervention and makes it difficult for users to understand why the skill activated, especially in safety-adjacent topics like pain, injury, or training programming.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill provides exercise programming and responds to pain and injury-adjacent scenarios, but it does not clearly disclose that it is not medical advice or a substitute for qualified in-person coaching. In this context, authoritative instructions about form, progression, and pain can be acted on directly and may contribute to physical harm if the user has an underlying condition or misunderstands technique.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The file gives concise procedural instructions for deadlifts and power cleans, which are injury-prone barbell movements, without any safety disclaimer, screening guidance, or recommendation for qualified coaching. In the context of a skill aimed at novices and users asking how to start lifting, this omission increases the chance that users will attempt technically demanding lifts unsupervised and be harmed by poor form or inappropriate loading.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal