MVP

Security checks across malware telemetry and agentic risk

Overview

This is a text-only MVP guidance skill with no executable behavior, but users should apply its validation tactics transparently and responsibly.

Safe to install as business guidance. Before using the validation tactics with real customers, add clear disclosures for manual or unfinished services, collect only necessary personal data, provide a privacy notice, and use payment flows with receipts and easy refunds.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 93%
Finding
The 'Wizard of Oz' section explicitly says the user thinks the system is automated when it is actually being operated manually, which is a deceptive pattern. Without clear consent, this can mislead users about product capabilities, expose their data to unexpected human access, and create legal or reputational risk around transparency and privacy.

Missing User Warnings

Low
Confidence: 90%
Finding
The landing page guidance instructs the reader to collect email signups and drive traffic, but omits any privacy, consent, retention, or data-handling expectations. That omission can lead operators to gather personal data without notice or lawful basis, increasing the risk of spam complaints, privacy violations, or mishandling of collected contact information.

Missing User Warnings

Medium
Confidence: 92%
Finding
The pre-sell section encourages taking payment before the product exists, but provides no safeguards around disclosure, refund mechanics, delivery uncertainty, or charge handling. This can result in misleading customers, payment disputes, regulatory exposure, and financial harm if buyers are not clearly informed or cannot easily obtain refunds.

VirusTotal

65/65 vendors flagged this skill as clean.
