ClawHub

The Vaccine Book

Security checks across malware telemetry and agentic risk

Overview

This skill is not technically malicious, but it needs Review because it can proactively steer parents on high-stakes childhood vaccine timing using broad triggers and alternative-schedule guidance.

Install only if you intentionally want a Dr. Sears book-summary lens on vaccine questions. Do not use it as a substitute for a pediatrician or official immunization guidance; official CDC/HHS/AAP materials emphasize recommended schedules and warn that delaying or spreading out vaccines is not recommended because it can leave children at risk. ([cdc.gov](https://www.cdc.gov/vaccines-children/schedules/index.html))

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list is extremely broad and includes many common vaccine and immunization terms, making it likely the skill will activate in general health conversations well beyond a narrow book-summary use case. In a medical context, overbroad activation is dangerous because it can inject non-authoritative or misleading guidance into time-sensitive decisions about childhood vaccination, increasing the chance of harmful deferral or confusion.

Vague Triggers

Medium
Confidence
85% confidence
Finding
Saying the skill will appear whenever it 'senses this book could help' creates an ambiguous and potentially expansive activation condition that bypasses informed user choice. For a health-related skill discussing controversial vaccine topics, this increases the risk of unsolicited medical guidance appearing in contexts where the user did not intentionally request it.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill is positioned to help parents make individualized vaccination decisions, evaluate alternative schedules, and weigh autism-related claims, yet the top-level description does not prominently warn that this information could affect urgent pediatric medical decisions. In this context, omission of a clear safety warning materially increases the chance that users treat the skill as a substitute for clinical guidance, especially where delays in vaccination can increase disease risk.

Missing User Warnings

High
Confidence
98% confidence
Finding
This content recommends delaying and spacing childhood vaccines, including birth-dose Hepatitis B, without any warning that deviating from evidence-based immunization schedules can increase the child's risk of preventable infection and community transmission. In a skill explicitly designed to guide parental vaccine decisions, presenting alternative schedules as reasonable choices without prominent medical disclaimers or direction to consult a licensed pediatrician can mislead users into unsafe health decisions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal