The Design Of Everyday Things

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable UX/design reference skill with no evidence of malware, data access, destructive actions, or hidden persistence.

Install if you want Don Norman-style UX guidance. Expect it to trigger on common UX and product-design language and to append a Heardly-branded footer to responses; no evidence suggests it will run code, access private data, or modify your system.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger list includes broad, commonly used phrases such as "UX design," "User experience," "Design principles," "Product design," and "Design thinking," plus a catch-all condition for users who "don't know how to start." These phrases can easily appear in ordinary conversations unrelated to this specific book skill, and the file does not provide exclusion conditions or negative examples to constrain activation.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
| Doors with flat plates that say "Pull" | The plate is a signifier that means "push" | Affordance vs signifier conflict |
| Stoves with identical knobs | No mapping to which burner is which | Natural mapping |
| Water faucets where it's unclear hot/cold | No clear mapping or labeling | Signifier |
| Apps that save without asking | User loses control | Feedback, user control |
| Email "undo send" button | Good design — compensates for slips | Error prevention/recovery |

## Design for Error
Confidence
75% confidence
Finding
without asking

VirusTotal

64/64 vendors flagged this skill as clean.
