ClawHub

Product

Security checks across malware telemetry and agentic risk

Overview

This is an informational product-building guide with no executable code or system access, though its validation tactics should be used transparently.

This skill is reasonable to install as a reference guide. When using its validation advice, be transparent with customers about unfinished or manually operated features, avoid collecting sensitive information for tests, and check platform, privacy, advertising, and consumer-protection rules before launching experiments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The Fake Door Test section explicitly recommends presenting a non-existent feature to users as if it were real, but provides no guardrails around transparency, informed consent, or limits on collecting user data under false pretenses. In a product-building skill, this can normalize deceptive experimentation and lead operators to mislead users, capture interest signals dishonestly, or erode trust and create legal/compliance exposure.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The Wizard of Oz section advises making users believe a capability is automated while it is actually performed manually, without warning about deception, human access to submitted data, or privacy/security handling. In contexts involving AI features or complex logic, users may disclose sensitive inputs assuming machine processing, which raises consent, confidentiality, and trust risks.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal