ClawHub

The Road To Serfdom

Security checks across malware telemetry and agentic risk

Overview

This appears to be a viewpoint-oriented Hayek skill with no evidence of malware, data access, persistence, or destructive behavior, though users should treat its political and economic framing as one perspective.

Install only if you want Hayek-centered analysis. Be aware it may activate on broad political or economic terms and may frame policy questions from a free-market, anti-central-planning perspective; compare with other viewpoints before relying on it for civic, business, or policy decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill's trigger list is broad enough to activate on many ordinary discussions of economics, politics, or philosophy, including generic terms like socialism, rule of law, free markets, and central planning. Over-broad activation can cause unintended skill injection, where the skill takes over unrelated conversations, steers answers toward a single ideological frame, and bypasses normal user intent boundaries.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The cited section gives strongly one-sided political and economic prescriptions framed as default solutions ('Use Hayek's framework,' 'The solution is deregulation') without presenting limits, uncertainty, or alternative viewpoints. In a skill intended as ideological advocacy this may be expected, but as an agent skill it can still steer users toward partisan conclusions as authoritative guidance, creating a policy/manipulation risk rather than a classic software exploit.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal