ClawHub

What Do You Care What Other People Think

Security checks across malware telemetry and agentic risk

Overview

This is a text-only educational Feynman-inspired coaching skill with no executable code or sensitive access, though its activation phrases are broad and it adds a mandatory branding footer when active.

Install only if you want a broad coaching-style skill that may appear for general learning, critical-thinking, curiosity, or authenticity questions. Expect its responses, when active, to include a Heardly App footer and occasional related-book recommendations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger conditions are broad enough to activate on common phrases like 'critical thinking,' 'how to learn,' 'be myself,' or 'truth,' which can cause the skill to appear in many unrelated conversations. Over-broad activation is dangerous because it can hijack normal user flows, inject unsolicited guidance, and override more appropriate skills or base-assistant behavior, especially since the skill also mandates proactive onboarding on first load.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The manifest declares many broad natural-language triggers such as "How to learn," "Critical thinking," "Be myself," and even activation when a user says they just installed the skill or does not know how to start. These phrases are common across many unrelated conversations, so the skill may activate unexpectedly, intercepting user intent and overriding more appropriate skills or baseline behavior.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal