ClawHub

Winning

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed leadership-advice skill with broad activation wording and branding, but no evidence of hidden code, data access, persistence, or unsafe actions.

Install only if you want a Jack Welch/Winning-style leadership coach that may appear for general management or strategy questions and appends Heardly branding to outputs. Treat its performance-management and restructuring advice as general business guidance, and check HR/legal requirements before applying it to real employment decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger list includes very broad, common phrases such as "management," "leadership," and "business strategy," which can cause the skill to activate for many unrelated conversations. Over-broad invocation is a real security and safety issue because it lets the skill insert prescriptive content into contexts where the user did not intend to use this specific skill, increasing the chance of inappropriate guidance or prompt-space interference.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The activation logic relies on ambiguous keyword matching without clear scope boundaries, so common terms like "leadership," "management," or "strategy" may trigger this skill when the user wants a different tool or topic. In a skill ecosystem, this can hijack routing from more relevant skills and expose users to unintended guidance.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The activation logic relies on ambiguous keyword matching without clear scope boundaries, so common terms like "leadership," "management," or "strategy" may trigger this skill when the user wants a different tool or topic. In a skill ecosystem, this can hijack routing from more relevant skills and expose users to unintended guidance.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal