ClawHub

The Russia Hoax

Security checks across malware telemetry and agentic risk

Overview

This is a text-only political book-summary skill that is opinionated and broadly triggered, but it does not request system access, run code, collect data, or hide privileged behavior.

Install only if you want answers framed through Gregg Jarrett's book and perspective. For general research on the Trump-Russia investigation, Mueller Report, FISA process, or related political history, compare this skill's answers with primary sources and neutral or opposing analyses.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger list is broad enough to activate on many general political or current-events queries such as "FBI," "Mueller," "Comey," or even when a user says they just installed the skill or does not know how to start. This can cause unintended invocation and inject a strongly opinionated political framing into unrelated conversations, increasing the risk of misrouting, user confusion, and unwanted persuasive content.

Natural-Language Policy Violations

Medium
Confidence
94% confidence
Finding
The file presents a strongly one-sided political narrative as factual without contextual qualification, competing viewpoints, or disclosure that the content is an argumentative interpretation from a single author. In a skill designed to answer user questions about politically sensitive events, this can mislead users, reinforce partisan claims, and reduce the model's reliability by steering responses toward unsupported or disputed assertions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal