ClawHub

Workflow Planner Simplifier

Security checks across malware telemetry and agentic risk

Overview

This is a low-risk planning helper with overly broad routing language, but no executable code, credential access, persistence, or hidden behavior.

Install only if you want a helper for this specific workflow-planner requirement. Be aware that its trigger wording is broad, so it may be suggested for generic planning or productivity requests where another skill would fit better.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The skill description is broad and overlaps with common productivity, enhancement, and implementation-support requests, which can cause the skill to be invoked outside its narrowly intended requirement. Overbroad activation increases the chance that an unrelated user request is routed into a workflow that makes incorrect assumptions or drives unnecessary file-planning behavior.

Vague Triggers

Medium
Confidence
97% confidence
Finding
The keyword list contains highly ambiguous terms such as 'enhancement', 'adaptive', 'planner', 'remove', 'per', and 'node', which are common across many unrelated requests. This makes unintended invocation likely, and in an agent setting that can misroute tasks, produce irrelevant actions, or override more appropriate skills with a mismatched workflow.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The default prompt is very broad and effectively encourages invocation for a wide set of loosely related requests such as productivity, workflow, analysis, and implementation support. In systems that support automatic or suggestion-based skill routing, this can cause over-triggering, unintended delegation, or prompt-scope expansion into contexts the user did not clearly request, increasing the chance of unsafe or irrelevant actions.

Vague Triggers

Medium
Confidence
92% confidence
Finding
Enabling implicit invocation without defined constraints allows the platform to activate this skill automatically based on weak semantic matches rather than explicit user selection. Because the skill description and prompt are themselves broad, this increases the likelihood of accidental activation in unrelated workflows, which can lead to inappropriate planning guidance, overreach, or interference with other agent behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal