ClawHub

OnlyBaby

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only local log summarizer, but its pregnancy and newborn health wording should be treated as informational rather than medical advice.

Install only if you are comfortable letting the agent read the referenced contraction and baby log JSON files. Use outputs as a structured summary for discussion, not as diagnosis or reassurance; contact a midwife, OB, paediatrician, or emergency services for worrying symptoms, uncertainty, or urgent concerns.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill description allows activation for broad questions like whether 'mum is safe' or 'baby is healthy' based on referenced files, which is a sensitive medical-use case without tight gating. Over-broad triggering in a health context can cause the agent to provide quasi-medical triage or reassurance when the user did not explicitly request this specific analysis, increasing the risk of inappropriate reliance.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The 'When to Use' section is ambiguous about whether both data sources are required and whether generic summary requests should invoke the skill. In a medical context, ambiguous activation can cause the agent to proceed with partial data and produce incomplete or misleading health/safety conclusions for mother or baby.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill performs maternal labor assessment and infant feeding/diaper health evaluation, but the warning appears only as a brief caveat at the end rather than a strong upfront limitation. Users may rely on the generated 'Mum safe?' and 'Baby healthy?' verdicts during time-sensitive medical situations, delaying contact with clinicians or emergency care.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This is a true safety vulnerability. The file provides concrete labour, feeding, and diaper thresholds plus directive verdicts like 'Mum safe', 'Seek care', and 'Baby healthy' before clearly warning that the content is only supportive and not medical advice; the caveat appears only at the end. In a health-related skill involving pregnancy, labour, newborn feeding, and dehydration risk, users may rely on these rules as triage guidance and delay professional care if the model presents them too authoritatively.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal