ClawHub

rend-spotter

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only social media trend research helper with no executable code or hidden access, though users should scope any monitoring and exports carefully.

Install only if you want a prompt-style helper for social media trend research. Before using it, specify the platforms, keywords, timeframe, export format, and any alert frequency, and make sure any data collection or reporting complies with platform terms, privacy expectations, and consent requirements.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill's invocation guidance is generic ('Load this skill and specify the platforms you want to monitor') and lacks explicit trigger conditions, scope boundaries, or exclusions. In an agent setting, overly broad activation criteria can cause the skill to be invoked in contexts the user did not intend, increasing the chance of unnecessary external data access, over-collection, or actions based on ambiguous requests.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill promotes social-media monitoring, report exports, and automated updates without any user-facing warning about privacy, consent, data retention, or platform terms. This is dangerous because users may analyze or export personal or sensitive social-media data without understanding compliance obligations, creating privacy, legal, and policy risks that are amplified by automation and cross-platform aggregation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal