Prompt Engineering

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only prompt-writing aid with no hidden execution, credential use, network access, or persistence.

This skill is reasonable to install as a prompt-design reference. Review generated prompts before using them in high-stakes contexts, avoid including secrets or unnecessary personal data in prompt examples, and prefer wording that asks for concise explanations or verifiable rationale rather than hidden internal reasoning.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium, 86% confidence
Finding
The activation criteria are very broad, covering prompt creation, optimization, improvement, and translating vague requirements. In an agentic environment, this can cause the skill to trigger on many normal conversations and route general-purpose requests through a powerful prompt-shaping workflow, increasing the chance of unintended instruction capture, prompt laundering, or inappropriate interception of tasks better handled by more specific skills.

Natural-Language Policy Violations

Medium, 92% confidence
Finding
This documentation explicitly recommends eliciting step-by-step reasoning with phrases like 'Show your reasoning' and 'Explain how you arrived at this answer.' In an agent skill, that normalizes requesting internal reasoning rather than safer summaries or concise justifications, which can increase disclosure of sensitive intermediate analysis and encourage prompt patterns that conflict with modern safe prompting guidance.

Natural-Language Policy Violations

Medium, 88% confidence
Finding
The metacognitive section encourages prompts that ask the model to reflect on its own thinking process and explain assumptions in detail. While useful pedagogically, this can push users toward extracting internal deliberation patterns instead of bounded, policy-aligned explanations, making the skill more likely to generate unsafe prompt templates for downstream use.

VirusTotal

63/63 vendors flagged this skill as clean.
