ClawHub

Home Renovation

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent home-renovation planning helper that stores project notes locally, with no evidence of hidden external access or unsafe actions.

Install this only if you want local renovation project tracking. Treat ~/home-renovation/ as potentially sensitive because it may contain budgets, contractor contacts, home details, and timelines; choose on-request or declined tracking if you do not want the assistant to reuse renovation context later.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The instruction says to read this when `~/home-renovation/` doesn't exist or is empty and to "Start the conversation naturally," but it does not define a clear user-facing trigger phrase or narrow activation context. This could cause unintended invocation because the skill may engage based on filesystem state alone without clear boundaries or exclusion conditions.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The file instructs saving user preferences to `~/home-renovation/memory.md`, and later describes storing budget, contractor information, and project details. While storage locations are listed, the skill does not clearly warn the user that their personal renovation data will be persisted locally and may include sensitive household or financial information.

Hidden Instructions

High
Category
Prompt Injection
Content
integration: pending

## Active Projects
<!-- List current renovation projects -->
<!-- Example: Kitchen remodel - started Jan 2026, budget $40K -->

## Context
Confidence
70% confidence
Finding
<!-- List current renovation projects --> <!-- Example: Kitchen remodel - started Jan 2026, budget $40K -->

Hidden Instructions

High
Category
Prompt Injection
Content
<!-- Example: Kitchen remodel - started Jan 2026, budget $40K -->

## Context
<!-- What you've learned about their situation -->
<!-- Their home type, location (for cost context), experience level -->

## Notes
Confidence
70% confidence
Finding
<!-- What you've learned about their situation --> <!-- Their home type, location (for cost context), experience level --> ## Notes <!-- General preferences observed --> <!-- e.g., "prefers getting 3

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal