Self-Improving Sales

Security checks across malware telemetry and agentic risk

Overview

This sales-learning skill is not malware, but it deserves Review because it can persist sensitive sales context and recommends broad prompt hooks.

Install only if you want persistent sales-learning logs and are comfortable managing sensitive commercial data. Prefer project-local setup, use the provided sales-specific matcher instead of empty matchers, avoid global hooks, keep `.learnings/` out of shared repos unless reviewed, and redact customer names, exact quotes, transcript excerpts, pricing, contract terms, and strategy before storing or sharing entries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Medium
Confidence: 81%
Finding
Although the skill warns against storing PII and exact contract values, its templates encourage exact objection quotes, competitor names, and detailed deal narratives that can still disclose confidential customer or commercial information. In sales contexts, those details can reveal account identity, strategy, pricing posture, or regulated business information even without direct PII.

Missing User Warnings

Medium
Confidence: 88%
Finding
The hook configuration runs on every user prompt submission, which creates broad passive monitoring of session activity and can surface sales reminders in unrelated contexts. Even if framed as opt-in, the example configuration normalizes pervasive interception without sufficiently warning users about scope, data exposure, and potential prompt leakage into hook scripts.

Missing User Warnings

Medium
Confidence: 90%
Finding
The feature request proposes web scraping, call-transcript aggregation, and CRM auto-flagging based on competitor mentions, but does not mention consent, data minimization, retention, access controls, or legal/compliance review. In a sales skill, this creates a real privacy and governance risk because transcript data may contain personal or confidential information, and scraped/aggregated competitive data may be processed or shared in ways that violate policy or regulation.

Vague Triggers

Medium
Confidence: 94%
Finding
The empty matcher makes the UserPromptSubmit hook fire on every prompt, regardless of whether the session is sales-related. Because the hook executes a local command on every submission, this broad trigger unnecessarily expands monitoring scope and increases the chance of collecting unrelated or sensitive context across workflows.

Vague Triggers

Medium
Confidence: 91%
Finding
The user-level configuration enables the hook globally from the home directory, causing it to persist across projects and contexts with no scope restriction. In a skill that captures deal learnings and inspects agent activity, this broad persistence raises the risk of cross-project data exposure and unintended processing of sensitive prompts.

Vague Triggers

Medium
Confidence: 92%
Finding
The Codex example also uses an empty matcher, so the command hook will run for every prompt instead of only sales-related interactions. This creates unnecessary command execution frequency and broadens the set of prompts that may influence or be observed by the skill's reminder mechanism.

Missing User Warnings

Low
Confidence: 91%
Finding
The script inspects `CLAUDE_TOOL_OUTPUT`, which may contain sensitive command output, but provides no user-facing disclosure or consent mechanism before analyzing it for sales-related signals. In this skill context, command output could include customer names, pricing, forecast data, or other business-confidential information, creating an unintended data collection and privacy risk even though the script only emits a recommendation rather than exfiltrating data directly.

VirusTotal

66/66 vendors flagged this skill as clean.
