ClawHub

The How Not To Die Cookbook

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware, but it needs review because it can surface broad health advice and strong disease-reversal claims with limited runtime safeguards.

Review this before installing if you or users may rely on it for health decisions. Treat it as general plant-based cooking and nutrition education only, not diagnosis or treatment advice; consult a qualified clinician before changing disease treatment, supplements, medications, or major diet patterns.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

High
Confidence
95% confidence
Finding
The trigger conditions include many generic health, cooking, and nutrition terms such as 'recipes,' 'cooking,' 'exercise,' 'heart disease,' and 'healthy eating,' which can cause the skill to activate for a wide range of unrelated user requests. This creates unintended invocation risk, where the assistant may inject this skill's medical and dietary guidance into conversations that did not request it, increasing the chance of inappropriate or misleading health advice being surfaced out of context.

Natural-Language Policy Violations

Medium
Confidence
92% confidence
Finding
The metadata repeatedly claims the skill can 'prevent and reverse disease through diet' without adequate qualification, gating, or clear limitation to general educational content. In a health-related skill, such unqualified therapeutic claims can mislead users into treating the skill as medical guidance and may discourage appropriate professional care or create unsafe expectations about disease treatment.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal