ClawHub

Naming

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only naming assistant with optional, disclosed local notes for naming preferences and no evidence of hidden execution or data exfiltration.

Install if you want structured help choosing names. Before enabling persistence, decide whether product names, codenames, rejected candidates, and launch constraints are acceptable to keep locally in ~/naming/, and ask the agent not to save memory if that context is sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Low
Confidence
97% confidence
Finding
The template instructs creation of persistent files under the user's home directory on first persistent use, but it does not explicitly warn the user that data will be written locally and retained across sessions. This can lead to unexpected storage of potentially sensitive naming briefs, preferences, or project context, creating a privacy and consent issue even if the behavior is not overtly harmful.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The setup text instructs the skill to establish broad activation behavior early and explicitly suggests jumping in whenever the user asks for names, renames, labels, taxonomy cleanup, or naming consistency. That scope is open-ended enough to cause the skill to trigger in situations the user did not clearly intend, which can lead to unsolicited interventions, context bleed into unrelated tasks, or persistence of behavior that affects future interactions without sufficiently narrow consent.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal