ClawHub

Housing Dispute Help Planner

Security checks across malware telemetry and agentic risk

Overview

This is a small planning skill for a housing-dispute help request, with overly broad activation wording but no code, credentials, persistence, or data-access behavior.

Install only if you want dispute-planning help for the Hello Landing furnished-apartment topic. Be aware it may activate on generic words like ask, hello, or landing, so users should invoke it explicitly or narrow the triggers if possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

High
Confidence
94% confidence
Finding
The skill description advertises activation on very broad terms such as 'general-help', 'ask-hn', 'ask', 'hello', and 'landing', several of which commonly occur in unrelated conversations. This can cause accidental invocation outside the intended housing-dispute context, leading to inappropriate routing, context leakage into the wrong workflow, or user confusion from irrelevant dispute-oriented guidance.

Vague Triggers

High
Confidence
97% confidence
Finding
The explicit keyword list contains ambiguous everyday words including 'ask', 'hello', and 'landing' without any scope constraints, making false-positive triggering highly likely. Because skill routing often depends directly on these keywords, an unrelated user message could activate this skill and divert the agent into producing dispute-planning output for the wrong task.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The skill enables implicit invocation without any visible trigger constraints or narrowing conditions, so it may be activated in broader contexts than intended. That can cause the agent to inject this skill's workflow or guidance into unrelated conversations, creating prompt-scope confusion and increasing the chance of inappropriate or manipulative assistance being surfaced automatically.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The usage keywords include very broad terms such as "general-help," "ask," "hello," and "com," which can match many unrelated requests and cause the skill to be invoked outside its intended housing-dispute scope. This increases the chance of misrouting user requests, producing irrelevant advice, and unintentionally exposing users to workflow outputs that were not designed for their actual context.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrase "Help me Hello Landing Dispute – Furnished Apartments" begins with generic everyday wording and does not impose meaningful constraints beyond a loosely appended topic string. Broad trigger construction can cause accidental activation from ordinary help-seeking language, especially when combined with the overly permissive keyword set.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal