ClawHub

The Way To Wealth

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Benjamin Franklin self-improvement skill with some broad activation and promotional wording, but no code, credentials, persistence, or data access.

Install only if you are comfortable with a Franklin-style finance and discipline coach that may activate on broad self-improvement prompts and append Heardly branding to responses. Treat its money advice as general educational guidance, not personalized financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger list is very broad and includes common self-help and finance phrases like 'How to succeed in life,' 'Work harder,' and 'Practical wisdom,' which can cause the skill to activate in many unrelated conversations. In an agent system, overbroad invocation can hijack user intent, surface irrelevant guidance, and increase the chance that hidden skill instructions influence outputs when the user did not ask for this specific content.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The onboarding text says the skill will appear whenever it 'senses this book could help,' which is an ambiguous activation standard that encourages opportunistic invocation beyond clear user consent. This is risky because the skill also instructs the AI to proactively present content on first load, making unintended takeovers of the conversation more likely.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list contains broad, common phrases such as "How to succeed in life," "Work harder," and "I need to be more disciplined," plus a rule to trigger when users say they just installed the skill or do not know how to start. This can cause the skill to activate in many unrelated conversations, leading to unintended instruction injection into normal chats and reducing user control over when the skill is invoked.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal