Belief Assessor

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent claim-checking helper with no malware signals, but users should know it may route claims through host search or LLM processing.

Install only if you want an opinionated fact-checking workflow that may search the web and may pass claim/evidence text to your agent's LLM tooling. Avoid using it for confidential, proprietary, or sensitive personal allegations unless your host agent is configured to keep searches and model calls within your acceptable data-handling boundaries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger conditions are broad enough to match common phrases like asking whether something is true or trustworthy, which can cause the skill to activate in many normal conversations. In this skill, automatic activation is coupled to a mandatory evidence-search workflow, so over-triggering can unexpectedly route benign user inputs into external search-driven processing and change agent behavior without clear user intent.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill instructs the agent to perform mandatory external evidence searches but does not clearly warn users that their prompt content or derived claims may be sent to host search tools. This creates a privacy and transparency risk because sensitive or proprietary user inputs could be used in external lookups unexpectedly, especially given the auto-workflow language requiring search first.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill sends raw claim and evidence text to an injected LLM function, and there is no built-in disclosure, consent, or data-handling control around that transfer. In a belief-assessment context, users may submit sensitive allegations, personal data, or confidential evidence, so silent forwarding to an external model endpoint can create privacy, compliance, and data-governance risk.

Natural-Language Policy Violations

Medium
Confidence: 92%
Finding
The configuration assigns materially higher trust scores to a narrow set of mostly English-language institutional and Western media domains, while giving lower default trust to broader sources without any user opt-in, locale rationale, or transparency controls. In a belief-state engine, these hard-coded priors can systematically skew truth assessments, suppress credible non-listed sources, and introduce geopolitical or cultural bias into downstream reasoning presented as calibrated confidence.

VirusTotal

65/65 vendors flagged this skill as clean.
