ClawHub

Stereoscopic 3D Support Helper

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a documentation/workflow skill with overly broad activation wording, but no evidence of hidden code, credential theft, persistence, destructive behavior, or data exfiltration.

This is reasonable to install if you want stereoscopic 3D support guidance, but expect possible over-triggering from vague phrases. Review whether your skill router can require explicit stereoscopic-3D intent before invoking it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger sentence is broad enough to match ordinary help-seeking language rather than a narrowly scoped stereoscopic-3D request. That can cause the skill to activate unexpectedly for unrelated prompts, leading to misrouting, unwanted instruction injection from this skill, or interference with safer or more appropriate skills.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrase 'Help me stereoscopic 3d support.' is grammatically vague and broad enough that it may activate on loosely related requests rather than a clearly scoped feature-request workflow. In a skill-routing system, ambiguous triggers can cause misselection of this skill, leading to irrelevant guidance, confusion, or unintended handling of user requests.

Vague Triggers

High
Confidence
95% confidence
Finding
The trigger list includes generic words like "support," "overview," "mode," "would," "great," and "maybe," which are common in ordinary conversation and unrelated tasks. This can cause unintended skill activation, leading the agent to inject this skill's workflow into unrelated user requests and potentially override more appropriate routing or responses.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The description says to use the skill for broad categories like "business-and-operations" and for users needing a "practical workflow, artifact, checklist, analysis, or implementation support," without tight scoping to stereoscopic 3D requests. Ambiguous invocation conditions increase the chance that the skill is selected for unrelated tasks, which can confuse behavior and create prompt-routing weaknesses.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The example trigger sentence "Help me stereoscopic 3d support." is phrased in a broad, conversational way that overlaps with normal speech patterns. Example triggers shape routing behavior and can reinforce overbroad activation when combined with the generic keyword set elsewhere in the skill.

Vague Triggers

High
Confidence
98% confidence
Finding
The trigger keyword list includes very broad, common words such as "support", "overview", "mode", "would", "great", and "maybe", which can cause the skill to activate for many unrelated conversations. In an agent system, accidental over-triggering can route users into irrelevant workflows, create prompt-injection exposure by invoking unnecessary skill content, and degrade reliability of task selection.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The default invocation prompt uses broad, repetitive natural language ('help me stereoscopic 3d support') without clear boundaries on when the skill should be invoked. Combined with implicit invocation being enabled, this can cause accidental routing on loosely related user requests, increasing the chance of unintended agent activation and inappropriate context access or response generation.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrase set is broad and loosely scoped, using generic wording like "Help me stereoscopic 3d support" and keywords such as "support" and "overview" that can overlap with unrelated requests. This can cause accidental invocation or misrouting, which is a security-relevant weakness because it increases the chance that the wrong skill handles user input or operational requests without sufficient relevance checks.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal