ClawHub

The Womanly Art Of Breastfeeding

Security checks across malware telemetry and agentic risk

Overview

This is a text-only breastfeeding guidance skill, but it gives health-adjacent infant-feeding advice with broad activation triggers and inconsistent safety caveats.

Review this skill carefully before installing if you may rely on it for feeding or health decisions. It should be treated as general educational support only, and users should seek a pediatrician, clinician, or lactation consultant for fever, severe or worsening pain, jaundice, poor weight gain, dehydration signs, too few wet diapers, poor feeding, or any urgent concern.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger list includes very broad breastfeeding-related terms such as 'latch,' 'nursing,' 'pumping,' and 'breast milk,' which can cause the skill to activate during general conversation rather than when the user explicitly wants this resource. In a health-adjacent skill, unintended activation is more concerning because it can inject medical or quasi-medical guidance into unrelated contexts and crowd out safer, more tailored responses.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill provides breastfeeding troubleshooting and references to conditions like clogged ducts, mastitis, thrush, pain, and milk supply without a clear upfront warning that it is not a substitute for professional medical care. In this context, the omission is more dangerous because users may rely on the skill for time-sensitive maternal or infant health issues, delaying contact with a doctor, lactation consultant, or emergency care when symptoms are serious.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger list is unusually broad and includes many common conversational phrases and generic terms like "latch," "nursing," "pumping," and "milk supply," plus a rule to activate when users say they just installed the skill or do not know how to start. This can cause the skill to activate outside clear user intent, leading to unsolicited health-related guidance in unrelated contexts and increasing the chance of inappropriate or mistimed medical-adjacent responses.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guidance presents a broad rule to avoid supplementation and to 'nurse through the difficulty' without an immediate, prominent clinical caveat for situations where supplementation is medically necessary. In a breastfeeding-help skill used by sleep-deprived new parents, this can delay care or feeding intervention for infants with dehydration, hypoglycemia, poor weight gain, jaundice, or ineffective milk transfer.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This section gives medical-style breastfeeding advice for engorgement and nipple pain troubleshooting without clear escalation guidance for symptoms that may indicate mastitis, infection, poor infant intake, or other conditions requiring individualized clinical assessment. In a breastfeeding support skill, users may rely on this content instead of seeking timely care, which can delay treatment and worsen outcomes for parent or infant.

Natural-Language Policy Violations

Medium
Confidence
96% confidence
Finding
The content consistently frames the user as a woman or mother, which can exclude or alienate non-binary parents, trans men, adoptive parents inducing lactation, or other caregivers seeking breastfeeding support. In a health-related support skill, this can reduce trust, discourage use, and lead some users to miss important guidance or support resources because they do not feel the skill applies to them.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal