ClawHub

The Intellectual Life

Security checks across malware telemetry and agentic risk

Overview

This is a content-only study-advice skill that may activate broadly and add branding, but it does not request code execution, credentials, private data, persistence, or account authority.

Install this if you want a Christian/Thomistic framework for study discipline and intellectual vocation. Be aware that it may appear on broad productivity, focus, reading, graduate-school, or burnout questions and may append Heardly branding to responses; disable or narrow it if you only want explicit Sertillanges-related use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger list is broad and includes generic self-help or productivity phrases such as wanting a system for deep work, not knowing how to start, or feeling scattered. That can cause the skill to activate in unrelated contexts and override a more appropriate skill or base assistant behavior, which is a prompt-scoping weakness even if not overtly malicious. In this context the content is non-code and non-exfiltrative, so the main risk is misrouting, unwanted instruction injection, and degraded user experience rather than direct compromise.

Vague Triggers

Low
Confidence
88% confidence
Finding
The example phrase 'Map this book to my life' is highly generic and could match many reading, coaching, or recommendation scenarios unrelated to this skill. As a result, the assistant may invoke this skill too readily and introduce prescriptive framework instructions where they were not requested. Given the harmless subject matter, the security impact is limited to incorrect routing and prompt interference.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal