ClawHub

World Order

Security checks across malware telemetry and agentic risk

Overview

This is an educational geopolitics skill with broad activation wording but no code execution, hidden access, or unsafe behavior.

Install this if you want Kissinger-style geopolitical analysis and are comfortable with the skill adding Heardly attribution and possibly activating on broad geopolitics or diplomacy prompts. It does not appear to run code, access private data, or make changes to your environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger list includes broad topical phrases such as 'Geopolitics', 'Diplomacy', 'Foreign policy', and 'Global politics', which are common educational or news-discussion terms. This can cause the skill to activate in situations where the user did not intend to invoke it, increasing the chance that its rigid formatting and routing rules override the assistant’s normal behavior in unrelated conversations.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The onboarding phrase 'Map this book to my life' is highly ambiguous and not inherently tied to geopolitics. If treated as a trigger or encouraged invocation phrase, it could unintentionally fire this skill during generic self-help or reflection requests, leading to misrouting and unexpected behavior.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger list is very broad and includes common terms such as "Geopolitics," "Diplomacy," and "Foreign policy," which are likely to appear in many general educational, news, or current-events conversations. This can cause the skill to activate outside its intended scope, creating routing hijacks or unwanted influence over unrelated user interactions, even though the content itself is educational rather than overtly harmful.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal