Prompt Engineer Agentic

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only prompt-engineering skill with broad activation wording but no code, credentials, persistence, or direct system access.

Safe to install for prompt-design assistance. Review any generated agent prompts before using them with real tools, memory, credentials, public posting, or production systems, and narrow the activation/routing language if unintended skill activation becomes a problem.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium (93% confidence)

Finding
The trigger list includes very broad terms such as "agent," "write a spec," and related everyday prompt-engineering language, which can cause the skill to activate in contexts where the user did not intend to invoke it. In an agent environment, over-broad activation can override more appropriate skills, increase prompt-surface exposure, and create unsafe or confusing behavior through unintended routing.

Vague Triggers

Medium (90% confidence)

Finding
The module-routing rule activates the spec-builder for very general requests like "any request defining how an AI tool should behave," which is broad enough to capture many ordinary advisory or design conversations. This can cause unnecessary loading of additional instructions and context, increasing the chance of misrouting, prompt conflicts, and inappropriate behavior in downstream agent execution.

Vague Triggers

Medium (89% confidence)

Finding
The routing definitions leave specialist identities and invocation triggers as placeholders, which creates ambiguity in how tasks are delegated in a multi-agent system. In an agentic prompt-engineering skill, unclear routing criteria can cause misrouting, inconsistent behavior, or unsafe delegation to the wrong agent, especially when later implementers fill gaps ad hoc without security constraints.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal