ClawHub

Unit Test Coverage Helper

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only helper for unit test and coverage workflows, with no evidence of hidden execution, data access, persistence, or destructive behavior.

Install this if you want an assistant workflow for improving unit tests and coverage. Be aware it may activate on broad testing-related requests, so explicitly name another skill or clarify your intent if you are asking about unrelated QA, debugging, or general software work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger sentences are highly generic and include broad phrases like 'help me' and 'I need a practical workflow,' which can cause the skill to activate in contexts the user did not explicitly intend. In an agent environment, over-broad invocation increases the chance of accidental routing, inappropriate context capture, or the skill influencing unrelated software tasks.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger phrases are broad and include generic terms like 'unit tests', 'test coverage', and 'testing', which can cause the skill to activate in situations where the user did not explicitly request this specific helper. In an agent ecosystem, unintended activation can steer workflows, override more appropriate skills, or cause the system to follow an irrelevant process, creating reliability and security-adjacent risks through misrouting.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The default prompt is phrased as a broad natural-language trigger tied to common software-development topics like unit tests, test coverage, testing, regression, workflow, and implementation support. If the platform uses this prompt for implicit routing, ordinary user requests in those categories may invoke the skill unexpectedly, increasing the chance of over-broad activation and unintended exposure of the skill’s instructions or behavior.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger sentence is broad enough to match common user phrasing such as asking for practical workflow help, which can cause the skill to activate outside its intended unit-testing scope. Overbroad activation can route unrelated requests into this skill, producing irrelevant guidance and increasing the chance that downstream automation applies the wrong workflow or assumptions.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The invocation description does not clearly bound when the skill should and should not run, and its trigger examples are phrased so generally that many normal software-assistance requests could match. In an agentic system, ambiguous trigger scope is a security and safety issue because it enables unintended skill selection, context confusion, and potentially unsafe execution of a workflow on tasks it was not designed to handle.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal