ClawHub

Triage

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only triage skill that teaches an agent to prioritize tasks and remember confirmed priority preferences, with no evidence of hidden access or malicious behavior.

Install this if you want an agent to help sort tasks by urgency and learn your priority preferences. Review any learned rules periodically, and avoid storing sensitive client, personnel, or security details in override notes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The description promises the skill will 'auto-learn' and grow smarter from decisions, but it does not define clear invocation or update boundaries. In an agent setting, this can cause unintended activation of triage behavior or implicit state changes from ordinary conversation, leading to misprioritization and unreliable automation.

Vague Triggers

Medium
Confidence
97% confidence
Finding
The automatic P0/P3 trigger phrases are common natural-language terms that may appear in casual discussion, quoted text, forwarded messages, or adversarial prompts. This makes the skill vulnerable to accidental or malicious reprioritization, potentially causing interruption of ongoing work or deprioritization of important tasks based on untrusted text alone.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The learning triggers are broad conversational phrases with no safeguards on source, context, or whether the statement is instructional versus descriptive. An attacker, external message, or incidental chat could therefore seed lasting priority rules, causing the system to learn incorrect patterns and bias future task routing.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal