ClawHub

The Advice Trap

Security checks across malware telemetry and agentic risk

Overview

This skill is a text-only leadership coaching guide with broad triggers, but it does not request dangerous access or perform hidden actions.

Install this if you want a coaching-oriented leadership prompt pack. Be aware it may activate for fairly general leadership or question-related requests and may append a Heardly watermark, but the reviewed artifacts do not show code execution, credential use, data collection, or destructive behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
97% confidence
Finding
The manifest says to trigger on broad concepts like "leadership," "management," "coaching," "listening," and "questions," which are common in many ordinary conversations and not specific to this skill. Because the description does not provide exclusion conditions or tighter scope, the skill could activate for many unrelated requests.

Vague Triggers

Medium
Confidence
93% confidence
Finding
This is a markdown file, so vague-trigger review applies. The guidance describes "What's on your mind?" as suitable for "Any topic, any issue" and recommends repeating "And what else?" until the other person is done, which is extremely broad and lacks context boundaries, exclusions, or negative examples. Such wording could cause unintended invocation in ordinary conversation because the prompts overlap with common everyday speech.

Vague Triggers

Medium
Confidence
82% confidence
Finding
This markdown file includes generic phrases such as "What do you think?" and "What's on your mind?" as key scenario language, but it does not clarify whether these are merely coaching examples or intended activation phrases. Because these phrases are common in everyday conversation, they could overlap with normal user speech if used for skill invocation or routing.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal