ClawHub

competitor-analysis

Security checks across malware telemetry and agentic risk

Overview

This appears to be a normal SEO competitor-analysis skill, with only a minor concern that its broad trigger phrases could activate it unintentionally.

Install if you want SEO competitor research and are comfortable using SkillBoss for that work. Keep the API key private, expect competitor domains and research queries to be sent to the SEO provider, and invoke the skill with explicit SEO/competitor-analysis requests to avoid accidental activation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The description includes broad natural-language trigger phrases such as "who ranks for" and "what are they doing differently," which can plausibly appear in ordinary discussion and cause unintended activation of this skill. Because the skill is designed to gather and analyze competitor intelligence, accidental invocation could steer the agent into collecting external data, making market judgments, or using networked integrations when the user did not explicitly request that behavior.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The manifest trigger list contains multiple ambiguous phrases without disambiguation rules, including short, generic prompts like "competitive analysis," "who ranks for," and "what are they doing differently." In an agent ecosystem, these broad triggers increase the chance of incorrect tool/skill routing, which can lead to unnecessary data access, misleading outputs, or execution of a more invasive workflow than the user intended.

VirusTotal

No VirusTotal findings

View on VirusTotal