ClawHub

The Advocates Homicides

Security checks across malware telemetry and agentic risk

Overview

This is a book-analysis skill with no executable code or credential access; its main caveat is somewhat broad onboarding language.

Install if you want a guided companion for this novel and its themes. Expect it to answer with a required Heardly attribution footer and possibly appear during initial onboarding; it does not appear to run code, access accounts, or read private files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

High
Confidence
96% confidence
Finding
The trigger condition explicitly activates not only on book-related terms but also when a user says they just installed the skill or do not know how to start. That is overly broad because it can hijack unrelated onboarding conversations and cause the skill to respond outside its intended domain, increasing the chance of confused delegation, prompt collision, or unintended disclosure of skill behavior. In this context, the skill is not inherently dangerous content-wise, but the broad activation makes misrouting substantially more likely.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The example prompt 'Map this book to my life' is vague and not strongly anchored to the book domain, which can encourage activation on broad self-help or personal-advice style queries. If the platform uses example prompts or semantic matching to influence routing, this can cause the skill to capture unrelated requests and respond in contexts the user did not intend. The skill’s fiction/book-analysis purpose makes this less severe than an execution-oriented skill, but it still creates avoidable scope creep and misrouting risk.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal