Local LLM Setup Advisor

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only advisory skill for local LLM setup: it contains no executable code and performs no data access. Its activation text, however, is overly broad and reads as templated or auto-generated.

Before installing, be aware that this skill may activate on broad local-AI or privacy-related requests, and that its source-evidence section is low quality. It appears safe as an advisory skill, but verify any setup commands or model recommendations it produces before running them.

SkillSpector

By NVIDIA
Vulnerability patterns checked:
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Finding 1: Vague Triggers (Medium severity, 95% confidence)

The trigger phrases are extremely broad and partially templated, which can cause the skill to activate in contexts that only loosely match the intended use case. In an agent system, overbroad activation can route unrelated user requests into this skill, leading to incorrect guidance, prompt-scope confusion, or increased exposure to adversarial prompt content embedded in normal conversation.

Finding 2: Vague Triggers (Medium severity, 87% confidence)

The skill description is broad enough to activate on common AI/software requests that may not specifically require this skill, increasing the chance of inappropriate routing or overuse. Over-broad activation can cause the agent to apply domain-specific instructions in unintended contexts, which is a prompt-scope security issue because it expands the skill’s influence beyond its justified boundary.

Finding 3: Vague Triggers (Medium severity, 91% confidence)

The trigger examples use generic phrasing like 'help me' and 'I need a practical workflow' tied to a long requirement sentence, but without meaningful exclusion constraints. This makes accidental or excessive invocation more likely, which can misroute unrelated user requests into this skill and dilute safety boundaries around when its instructions should apply.

Finding 4: Vague Triggers (Medium severity, 90% confidence)

The skill description and activation scope are broad enough that it may match loosely related requests instead of narrowly scoped local-LLM setup tasks. Over-broad invocation can route users into an unintended workflow, causing incorrect assistance, privacy mismatches, or bypass of more appropriate specialized skills.

Finding 5: Vague Triggers (Low severity, 82% confidence)

The trigger keyword set includes generic terms such as 'privacy' that appear in many unrelated conversations. This increases the chance of accidental invocation, which degrades routing quality and can expose users to irrelevant instructions or outputs not tailored to their actual task.

Finding 6: Vague Triggers (Medium severity, 91% confidence)

The default prompt uses a very broad, natural-language invocation phrase tied to a common topic area rather than a narrow, explicit trigger. Combined with allow_implicit_invocation: true, this can cause the skill to activate on ordinary user requests about local LLMs, software setup, CPUs, or GPUs without clear user intent, increasing the chance of unintended prompt injection exposure, unexpected tool behavior, or policy boundary bypass through over-broad routing.

Finding 7: Vague Triggers (Medium severity, 94% confidence)

The trigger examples are broad and malformed enough that a normal user request about local AI help could accidentally activate this skill outside a clearly intended scope. Over-broad activation can cause unintended routing, reducing user control and potentially exposing the system to prompt-selection abuse or incorrect tool invocation.

Finding 8: Vague Triggers (Medium severity, 96% confidence)

The invocation examples do not adequately bound when the skill should fire, and the listed trigger sentences are generic enough to overlap with ordinary assistance requests. In a skill-routing system, this increases the chance of misrouting or opportunistic activation, which can let the skill influence conversations it was not meant to handle.
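As an added example (not code from the scan report, from SkillSpector, or from the Local LLM Setup Advisor skill itself), the following Python simulates the routing problem the eight findings describe: a keyword router with a broad trigger set plus allow_implicit_invocation: true fires on unrelated requests about Instagram privacy settings and pandas workflows while missing a genuine GPU-sizing question, whereas a narrowed trigger set with veto terms does neither. It also includes a small lint that flags any trigger phrase made only of generic tokens. The Skill manifest shape, the field names other than allow_implicit_invocation, the generic-token list, the exclusion terms and the sample requests are all constructed assumptions for this illustration.

```python
"""Added example, not code from the scan report, from SkillSpector or
from the Local LLM Setup Advisor skill: a toy skill router that shows how
over-broad trigger phrases combined with allow_implicit_invocation: true
route unrelated requests into a skill, plus a lint that flags trigger
phrases with no domain-specific token. The Skill manifest shape, the
generic-token list, the exclusion list and the sample requests are all
constructed assumptions.
"""
import re
from dataclasses import dataclass, field

# Tokens that carry no domain meaning; a trigger made only of these will
# match everyday conversation. Constructed list for this illustration.
GENERIC_TOKENS = {
    "help", "me", "i", "need", "a", "an", "the", "practical", "workflow",
    "privacy", "setup", "set", "up", "software", "with", "my", "please",
    "to", "how", "do", "for", "local", "ai",
}


@dataclass
class Skill:
    """Minimal stand-in for a skill manifest (hypothetical shape)."""
    name: str
    triggers: list[str]
    allow_implicit_invocation: bool = False
    exclude: list[str] = field(default_factory=list)  # veto terms


def normalize(text: str) -> str:
    """Lowercase, drop punctuation except dots (llama.cpp), collapse spaces."""
    return " ".join(re.sub(r"[^a-z0-9.\s]", " ", text.lower()).split())


def fires(skill: Skill, request: str, explicit: bool = False) -> bool:
    """Would a keyword router hand this request to the skill?"""
    if not explicit and not skill.allow_implicit_invocation:
        return False  # skill only fires when the user names it
    req = f" {normalize(request)} "  # padding gives whole-word matching
    if any(f" {normalize(term)} " in req for term in skill.exclude):
        return False
    return any(f" {normalize(t)} " in req for t in skill.triggers)


def evaluate(skill: Skill, samples: list[tuple[str, bool]]) -> dict:
    """Split misroutes into false positives (fired on unrelated requests)
    and misses (did not fire on a genuine local-LLM setup request)."""
    fp = [r for r, wanted in samples if fires(skill, r) and not wanted]
    fn = [r for r, wanted in samples if wanted and not fires(skill, r)]
    return {"false_positives": fp, "misses": fn}


def lint_triggers(skill: Skill) -> list[str]:
    """Return trigger phrases made only of generic tokens; each one is an
    over-broad trigger of the kind the findings describe."""
    return [
        t for t in skill.triggers
        if all(tok in GENERIC_TOKENS for tok in normalize(t).split())
    ]


# Trigger set modelled on the findings: generic phrases, no exclusions.
BROAD = Skill(
    name="local-llm-setup-advisor-broad",
    triggers=["help me", "privacy", "I need a practical workflow", "local AI"],
    allow_implicit_invocation=True,
)

# Narrowed alternative: domain-specific phrases plus veto terms.
NARROW = Skill(
    name="local-llm-setup-advisor-narrow",
    triggers=["set up a local LLM", "run llama.cpp", "install Ollama",
              "which model fits my GPU"],
    allow_implicit_invocation=True,
    exclude=["instagram", "browser", "cookie", "gdpr"],
)

# Constructed requests; the flag says whether the skill should handle them.
SAMPLE_REQUESTS = [
    ("help me set up a local LLM on my laptop", True),
    ("which model fits my GPU with 8GB of VRAM?", True),
    ("help me change the privacy settings on my Instagram account", False),
    ("I need a practical workflow for cleaning CSV files in pandas", False),
    ("does this cookie banner meet privacy requirements?", False),
]

if __name__ == "__main__":
    for skill in (BROAD, NARROW):
        print(skill.name, "generic triggers:", lint_triggers(skill))
        print(skill.name, evaluate(skill, SAMPLE_REQUESTS))
```

Running the block prints four flagged triggers for the broad manifest and three false positives plus one miss, against nothing flagged and no misroutes for the narrowed one. The practical takeaway is the one the findings point at: before publishing a skill with implicit invocation enabled, run something like lint_triggers over its trigger phrases and replay a sample of ordinary, unrelated requests through the router; any trigger that fires on them should either gain domain-specific wording and veto terms or be restricted to explicit invocation.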

VirusTotal

64/64 vendors flagged this skill as clean.
