ClawHub

The Servant

Security checks across malware telemetry and agentic risk

Overview

This is a text-only servant-leadership coaching skill whose main caveat is broad activation and mandatory Heardly branding, not unsafe system access.

Install this if you want servant-leadership advice and are comfortable with Heardly-branded responses. Be aware it may activate for general leadership or management questions, so users who want only explicit book-specific guidance may prefer narrower trigger behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger list is very broad and covers common leadership phrases such as 'How to be a better leader' and 'build trust as a leader,' which can cause the skill to activate in many generic workplace conversations. Overbroad activation can hijack unrelated user requests, increase unintended data exposure to the skill, and reduce the reliability of routing by applying this book's framework where it may not fit.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The Quick Start says the skill will appear whenever it 'senses this book could help,' which creates an undefined and subjective activation boundary. Ambiguous activation language makes it easier for the skill to insert itself into conversations without clear user intent, increasing the risk of unsolicited guidance and accidental context capture.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The self-check examples reinforce broad triggers like 'How to be a better leader' and 'How do I get people to do what I ask?' without any limiting conditions. This normalizes aggressive matching on everyday leadership prompts, making unintended invocation more likely and broadening the skill's reach beyond its stated domain.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal