ClawHub

SAAS Revenue Tracker

Security checks across malware telemetry and agentic risk

Overview

This skill is a SaaS revenue-analysis guide with placeholder helper files and no evidence of hidden access, credential use, persistence, or destructive behavior.

Installers should treat this as a lightweight advisory guide, not a connected revenue dashboard. Avoid providing sensitive customer or financial data unless you are comfortable sharing it with your agent, and verify any business targets or recommendations against your own financial model.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
This is a mismatch because the declared purpose describes a functional SaaS revenue and metrics tracking tool, but the actual code does not implement that purpose at all. It only prints a placeholder message and includes comments indicating that real logic has not been added yet. There are no hidden extra capabilities, but the primary purpose differs materially from the description because the described functionality is absent.

Vague Triggers

Low
Confidence
85% confidence
Finding
This is a markdown/manifest-scoped trigger description, and the phrase 'Use to monitor SAAS revenue, MRR growth, customer metrics, and profitability' describes a broad class of common business-analysis requests rather than a narrow invocation condition. It does not specify boundaries, explicit trigger phrases, or exclusion cases, which could lead to unintended activation for general business discussions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal