ClawHub

eeat-signals

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a content-quality helper with only a low-impact overbroad-trigger concern, not evidence of unsafe behavior.

This looks safe to install for content-quality and credibility guidance. Users should be aware it may activate too broadly on general requests about citations or references, so the publisher should narrow the trigger wording to SEO, E-E-A-T, or content-quality contexts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The activation criteria are overly broad because they include generic terms like "citations," "references," and "credibility," which can appear in many unrelated requests. This can cause the skill to trigger outside its intended E-E-A-T scope, leading to inappropriate routing or irrelevant guidance that may override better-matched skills.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal