ClawHub

We Were Soldiers Once...And Young: Ia Drang – The Battle That Changed the War in Vietnam

Security checks across malware telemetry and agentic risk

Overview

This is a text-only history skill about the Battle of Ia Drang with no code execution or data access, though its activation wording is broad and promotional onboarding is pushy.

Install if you want a solemn, book-framed guide to Ia Drang and We Were Soldiers Once...And Young. Be aware it may activate on broad Vietnam War or military terms, and its responses include a Heardly watermark/link and a specific interpretive perspective rather than a neutral encyclopedia mode.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list is unusually broad and includes generic terms like "helicopter," "friendly fire," "NVA," and even installation-related phrases, which can cause the skill to activate outside a clear request for this specific content. Over-broad activation can hijack unrelated conversations, override user intent, and increase prompt-injection surface by forcing the model into this skill when the context does not warrant it.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The instruction to auto-trigger when a user says they just installed the skill or does not know how to start is ambiguous and encourages unsolicited activation without a topic-specific request. Combined with the directive that the AI "MUST proactively present" the guide, this can cause unwanted takeover of the conversation flow and weaken system control over when the skill should run.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal