Claw Talk

Security checks across malware telemetry and agentic risk

Overview

This is a simple communication-coaching skill with no executable code or privileged access, though its broad trigger phrases may activate it more often than users expect.

This appears safe to install as an instruction-only speaking and conversation coach. Be aware it may be selected for ordinary requests about presentations or public speaking, so avoid sharing sensitive personal or workplace details unless you intend the assistant to use them in coaching output.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 96% confidence
Finding: The trigger list includes very generic phrases such as "voice chat," "talking points," "presentation script," and "public speaking," which are common in everyday user requests and likely to cause unintended activation. Over-broad routing can misdirect unrelated conversations into this skill, leading to incorrect handling, privacy concerns if sensitive discussions are funneled into the wrong tool, and degraded system trust.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal