The Big Leap

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable self-help skill, but users should treat its health-related framing as non-medical guidance.

Install only if you want a Big Leap-style coaching framework. Do not rely on it for medical, mental-health, financial, or relationship decisions; seek qualified professional help for symptoms, distress, or high-stakes choices.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The text states that physical symptoms after success are 'often upper limits, not medical conditions,' which is an unsupported health-related claim presented in a self-help context. Even with a brief mention of seeing a doctor, this framing can encourage users to reinterpret real symptoms as psychological self-sabotage, potentially delaying appropriate medical evaluation or treatment.

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The line specifically tells users that if a doctor says 'nothing is wrong,' they should consider an 'upper limit' explanation. This suggests symptoms may be psychological or non-medical based on a negative finding alone, which is dangerous because many conditions are intermittent, hard to detect, or require further workup; users may stop pursuing care prematurely.

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger condition is overly broad because it activates on generic phrases like a user saying they just installed the skill or do not know how to start, even when they are not asking about this book or topic. This can cause the skill to hijack unrelated conversations, override more appropriate skills, and steer users into unsolicited self-help guidance, which is especially problematic in ambiguous or sensitive contexts.

VirusTotal

64/64 vendors flagged this skill as clean.
