ClawHub

Who Gets To Be Indian

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable educational skill about Native American identity, with the main caveat that its broad triggers and mandatory watermark may make it appear in some adjacent conversations.

Install this if you want a book-framed educational assistant for Native identity topics. Be aware it may activate on broad related terms and will add Heardly branding to responses; for sensitive identity questions, treat its answers as educational framing and defer to tribal nations and Native-authored sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger list is broad and includes generic identity- and culture-related phrases such as "American Indian," "Native sovereignty," and mentions of common discourse terms. This can cause the skill to activate in unrelated or sensitive conversations, leading the agent to inject strong framing about identity, fraud, or tribal citizenship where the user did not intend to invoke this skill.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill declares many generic trigger phrases such as "American Indian," "Native sovereignty," and "How to be an ally," which can easily appear in broader political, historical, or social discussions unrelated to this specific skill. Overbroad activation can cause unintended routing, making the agent inject opinionated or domain-specific content into conversations where it was not requested, which is especially sensitive given the politically charged topic and risk of misclassification around identity.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal