The Founders Speech To A Nation In Crisis

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable educational skill, but its bundled metadata contradicts the visible skill identity and its activation rules are broad enough to steer unrelated civic or political conversations.

Review this carefully before installing. It does not appear to run code or access private data, but the metadata/title/author mismatch should be fixed before users rely on it, and the activation rules should be narrowed so it only appears when users explicitly want this Founders-focused book or constitutional-history framing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: High
Confidence: 99%
Finding:
The manifest metadata materially contradicts the skill's declared purpose, author, and subject matter: the skill is presented as a Founding Fathers educational toolkit, while _meta.json identifies a different work by Curtis Yarvin/Mencius Moldbug with neoreactionary and authoritarian themes. This kind of identity mismatch is dangerous because it can mislead routing, trust decisions, moderation, and user consent, enabling deceptive delivery of politically extreme or unintended content under an innocuous label.

Vague Triggers

Severity: Medium
Confidence: 94%
Finding:
The trigger list is extremely broad and includes many common civic, educational, and historical phrases such as 'Constitution explained,' 'free press,' and names of major Founders. This can cause the skill to activate in unrelated discussions, creating prompt hijacking of user intent, crowding out safer or more relevant skills, and forcing ideological framing where the user did not request it.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding:
The instruction to trigger when a user 'just installed this skill or doesn't know how to start' is ambiguous and mandates proactive behavior without a precise gating condition. In a multi-skill environment, this can cause unsolicited injections of the skill's onboarding content into unrelated conversations, overriding normal assistant behavior and confusing users about why the skill activated.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding:
The routing instruction uses broad topical phrasing such as questions about morality, religion in public life, virtue, and conscience, which are common in many benign conversations outside this skill’s narrow purpose. That can cause over-triggering and unsolicited ideological or religious framing, increasing the chance the agent injects this skill into unrelated user requests and steers the conversation unexpectedly.

VirusTotal

63/63 vendors flagged this skill as clean.
