ClawHub
Back to skill

Security audit

competitor-analysis-report-generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a normal report-generation guide for competitive analysis and does not include code, install hooks, persistence, credential handling, or destructive behavior.

This appears safe to install for public competitive research and report drafting. Review generated claims and data dates carefully, and avoid providing sensitive internal strategy, customer data, or confidential pricing unless you are comfortable using it in the analysis.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger keywords are broad, generic business phrases such as '/market-analysis' and '/industry-research' that can overlap with ordinary user requests outside the intended scope. This increases the chance of accidental invocation or routing of unrelated prompts into this skill, which can cause unintended data gathering, report generation, or misapplication of the skill in contexts where the user did not explicitly request competitor analysis.

Natural-Language Policy Violations

Low
Confidence
78% confidence
Finding
The note 'Use most recent data available (标注 data date)' introduces a specific language/locale behavior by embedding Chinese text without user opt-in. While not directly security-sensitive, forced locale behavior can create confusing or inconsistent outputs, reduce predictability, and in multi-skill systems may override user language expectations or downstream formatting assumptions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal