ClawHub

Linked List Practice Helper

Security checks across malware telemetry and agentic risk

Overview

This is a small linked-list practice helper with no executable code or data access, though its activation terms are too broad and could cause misrouting.

Install only if you want a helper for linked-list interview-practice or issue-planning workflows. Be aware that its broad keywords and implicit invocation may make it appear for unrelated requests involving words like add, linked, or list; narrowing those triggers would improve reliability.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

High
Confidence
96% confidence
Finding
The trigger list includes very common terms such as `add`, `frequently`, `asked`, `linked`, and `list`, which are likely to appear in many unrelated user requests. This can cause accidental invocation of the skill in contexts where it is not appropriate, leading to prompt-routing errors, irrelevant guidance, or unintended influence over broader conversations.

Vague Triggers

High
Confidence
93% confidence
Finding
The description says to use the skill for broad categories like `general-help`, `add`, or whenever a user needs workflow, checklist, analysis, or implementation support for this requirement. That scope is overly open-ended and can make the orchestrator select this skill for many unrelated requests, increasing the chance of misrouting and low-quality or confusing outputs.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill enables implicit invocation (`allow_implicit_invocation: true`) while the metadata describes broad trigger conditions such as general help and implementation support, without narrow activation constraints. This increases the chance the agent invokes the skill in contexts the user did not clearly intend, which can lead to prompt-surface expansion, unintended instruction influence, or misuse of the skill during unrelated tasks.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrases are broad and include common words like "add," "frequently," "asked," "linked," and "list," which can cause the skill to activate for unrelated everyday requests. In an agent setting, overly permissive activation can route normal user queries into this skill unexpectedly, creating prompt-scope confusion and increasing the chance of incorrect or unintended behavior.

Vague Triggers

Medium
Confidence
89% confidence
Finding
Labeling the skill as "general-help" without clear boundaries or exclusion criteria makes activation ambiguous and expands the range of contexts in which the skill may be selected. This increases the risk of misrouting user requests, especially because the skill is designed to generate plans and artifacts, which could override more appropriate specialized skills or produce irrelevant outputs.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal