ClawHub

Error Message Improver

Security checks across malware telemetry and agentic risk

Overview

This appears to be a prompt-only error-message writing aid, with broad activation wording but no evidence of malware, credential access, persistence, or destructive behavior.

Install if you want an assistant workflow for improving error messages, but expect it may be invoked too often on general debugging or support requests unless the publisher narrows the trigger wording.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger sentences are generic enough to match ordinary user requests about help, workflows, or error messages, which can cause the skill to activate when the user did not explicitly intend to invoke it. Over-broad activation is a real security and safety concern because it increases prompt-surface area and can unexpectedly steer unrelated conversations into the skill's instruction set.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrases are broad enough to match ordinary support and productivity requests, which can cause the skill to activate outside its intended scope. In an agent environment, overbroad activation increases the chance that this skill intercepts unrelated user tasks and influences responses when a more appropriate skill or default behavior should have been used.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill description is broad enough to match many ordinary debugging, support, and productivity requests, which increases the chance of accidental or unnecessary invocation. Over-broad routing can cause the wrong skill to handle user input, leading to confusing outputs, policy bypass through misclassification, or unintended exposure of sensitive troubleshooting context to a workflow not specifically intended for it.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger keywords are generic terms like debugging, support, and troubleshooting, which are common across many unrelated tasks and make unintended activation likely. Without exclusion conditions or context checks, the skill may intercept broad classes of requests and steer execution toward this workflow even when a more appropriate or safer skill should be selected.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger keywords and example invocations are broad enough to overlap with ordinary debugging, support, and productivity requests, which can cause the skill to activate when the user did not intend to use it. In an agentic environment, accidental activation can steer conversations, introduce unrequested workflow changes, or override more appropriate skills, creating prompt-routing and least-surprise problems rather than direct code-execution risk.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill enables implicit invocation, but the trigger description is broad and vague, covering general topics like productivity, debugging, support, and workflows. This can cause the agent to invoke the skill in contexts the user did not clearly intend, increasing the chance of unintended prompt injection exposure, over-broad data sharing, or misleading autonomous behavior.

Vague Triggers

High
Confidence
93% confidence
Finding
The trigger sentence is so broad and generic that ordinary user requests about help, support, debugging, or error messages could activate the skill unintentionally. Overbroad activation increases the chance that the agent routes unrelated conversations into this skill, causing prompt hijacking of task selection, unexpected behavior, or inappropriate disclosure of contextual information to the wrong workflow.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The activation examples do not define clear constraints, required context, or disambiguators, making it easy for the skill to be invoked from vague natural-language matches. In an agent environment, ambiguous routing logic can be abused or can accidentally supersede more appropriate skills, reducing control over tool selection and increasing the attack surface for mis-execution.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal