ClawHub

competitor-analysis

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed SEO competitor-analysis skill that may use connected SEO and analytics data, with no evidence of hidden execution or unrelated data handling.

Install only if you are comfortable with the agent using SKILLBOSS and any connected SEO, analytics, Search Console, or AI-monitoring integrations for competitor analysis. Use manual-data mode when you do not want connector access, and treat broad prompts like "who ranks for" as requiring SEO/search-ranking context before the skill is used.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger list includes broad natural-language phrases like "competitive analysis," "who ranks for," and "what are they doing differently," which can easily appear in normal discussion and cause the skill to activate when the user did not explicitly request it. Because this skill may drive collection and comparison of competitor, site, analytics, and AI-monitoring data, accidental activation increases the chance of unnecessary data access, misleading workflow changes, or privacy-sensitive analysis without clear user intent.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill describes automatic use of connected SEO, analytics, search console, and AI-monitor tools but does not present a prominent upfront warning that these sources may be queried and correlated during execution. Users may therefore invoke the skill without understanding that their own site data and external competitor data could be pulled automatically, reducing informed consent and increasing the risk of over-collection or unexpected disclosure in shared environments.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal