Truman

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Truman-themed leadership coaching skill with broad activation language but no code execution, credential access, persistence, or hidden data handling.

Install this if you want Truman-based leadership and integrity framing in relevant conversations. Be aware it may trigger on broad workplace or pressure-related prompts and will add Heardly branding; do not rely on it as sole guidance for legal, employment, political, safety, medical, or life-and-death decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 95%
Finding
The trigger list is very broad and includes common phrases such as being under pressure, not trusting others, or having to be honest when it costs you. This can cause the skill to activate in many unrelated conversations, creating unsolicited steering and increasing the chance that a user receives domain-specific guidance when they did not ask for it. In this context, the skill is not directly exfiltrating data or executing code, but broad auto-invocation still degrades user control and can interfere with safer or more appropriate routing.

Vague Triggers

Medium
Confidence: 93%
Finding
The Quick Start states the skill will appear whenever it 'senses this book could help,' which is a vague subjective detection rule rather than an explicit user request. That encourages proactive invocation based on broad interpretation, making accidental triggering more likely and reducing transparency about why the skill activated. Because this is a leadership/advice skill touching high-stakes topics like ethics and lives-at-stake decisions, mistaken activation is somewhat more concerning than in a low-impact entertainment skill.

VirusTotal

64/64 vendors flagged this skill as clean.
