ClawHub

Mobile Responsive Layout Fixer

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only frontend helper skill with broad activation wording but no evidence of hidden, destructive, or data-stealing behavior.

Safe to install if you want a lightweight helper for responsive layout and navbar work. Be aware it may activate on broad frontend or layout requests, so explicitly name a different skill or disable implicit invocation if precise routing matters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger sentences are generic and can cause the skill to activate for a wide range of loosely related requests instead of only clear mobile responsiveness tasks. Over-broad activation increases the chance of unintended routing, prompt interference, or misuse of the skill in contexts it was not designed to handle, which can degrade safety and reliability of downstream agent behavior.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger phrases are broad enough to match common requests about layouts, responsive design, or general frontend help, which can cause the skill to activate outside its intended scope. In an agent ecosystem, over-broad invocation can redirect benign user requests into this workflow unexpectedly, creating control-flow confusion and increasing the chance of unsafe or low-quality autonomous behavior.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger keywords are broad enough to match many ordinary frontend requests, which can cause this skill to be invoked outside its intended use. Over-broad invocation increases the chance that users are routed into a less appropriate workflow, potentially overriding more specific or safer skills and causing confusing or incorrect task handling.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The example trigger phrases use generic natural language that could match common everyday requests, making unintended invocation more likely. This is dangerous in skill-routing systems because ambiguous examples often shape activation behavior, leading to misfires and reduced trust in tool selection.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The keyword list includes very generic terms like 'layout' and 'frontend' without exclusion rules or contextual constraints, which can cause accidental invocation in unrelated conversations. In an agent environment, over-broad triggering can route user requests into the wrong skill, increasing the chance of irrelevant actions, confusion, or unsafe downstream assistance based on incorrect context.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The skill enables implicit invocation without any narrowly defined trigger conditions, so the platform may auto-select it for broad user requests related to layout, design, or content. That creates an unnecessary attack surface: the skill can be invoked in contexts the user did not explicitly choose, increasing the chance of prompt injection propagation, unintended actions, or irrelevant/unsafe workflow execution.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger sentence is phrased so broadly that normal user language could invoke the skill unintentionally, causing prompt routing to occur when the user did not explicitly request this capability. In an agent system, overbroad invocation increases the chance of misfires, context hijacking, or inappropriate application of the skill in unrelated conversations.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The invocation guidance relies on broad natural-language matching without precise boundaries, which can cause accidental activation from ordinary requests involving mobile design, layout, or navigation. This weak trigger design is dangerous because it expands the skill's effective scope beyond the author's likely intent and can interfere with safer or more appropriate skill selection.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal