What To Expect When Youre Expecting

Security checks across malware telemetry and agentic risk

Overview

This is a pregnancy-advice prompt skill with no code or install risk, but it should be reviewed because it can proactively give medical-style guidance without enough clinical safety boundaries.

Install only if you want a book-style pregnancy reference, not a medical decision tool. Users should confirm supplement use, abnormal symptoms, testing results, labor concerns, delivery choices, and postpartum complications with a qualified prenatal clinician or urgent care as appropriate.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger list is extremely broad and includes common health-related phrases and generic mentions such as pregnancy, postpartum, anxiety, and having taken a pregnancy test. This can cause the skill to activate in conversations where the user did not explicitly request this book-based guidance, leading to unsolicited or mis-scoped medical-style advice in a sensitive health context.

Vague Triggers

Medium
Confidence: 94%
Finding
The instruction to proactively present the guide on first load without waiting for user input bypasses normal user intent checks and creates ambiguous activation. In a health-related skill, unsolicited onboarding can steer the conversation toward sensitive medical topics and override user expectations about when specialized guidance should appear.

Missing User Warnings

Medium
Confidence: 95%
Finding
The document gives concrete pregnancy symptom-management advice, including supplement dosing and self-treatment steps, without a clear warning that users should confirm safety with an OB/GYN, midwife, or other qualified clinician. In a pregnancy context, even generally common advice can be inappropriate for specific users due to complications, contraindications, medications, or symptom severity, creating a risk that users delay proper evaluation or self-manage something more serious.

Missing User Warnings

Medium
Confidence: 97%
Finding
This section discusses prenatal testing, labor recognition, and delivery decisions in a way that could be read as sufficient standalone guidance, but it lacks explicit warnings that abnormal results, bleeding, rupture of membranes, reduced fetal movement, or labor concerns require prompt clinical assessment. Because these topics involve time-sensitive maternal-fetal risks and decisions with major consequences, omission of escalation guidance increases the chance of dangerous delay or false reassurance.

VirusTotal

VirusTotal findings are pending for this skill version.
