OpusFlame Deep Research

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed deep-research workflow that uses multiple models, web research, saved reports, and PDF delivery in ways that fit its stated purpose.

Install this if you want a heavyweight research workflow. Before using it, assume your topic may be processed by several model providers, searched on the web, saved in local research files, and returned as a PDF; avoid sensitive or confidential prompts unless that handling is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium (92% confidence)
Finding:
The invocation description contains broad trigger phrases like 'research X' and 'deep dive on X', which can match ordinary conversation and cause the skill to activate unexpectedly. Because this skill performs expansive actions—spawning multiple agents, conducting extensive web research, writing files, generating a PDF, and sending it—the overbroad trigger surface materially increases the chance of unintended execution and data handling.

Missing User Warnings

Medium (96% confidence)
Finding:
The skill performs multiple side effects—saving several research files, generating a PDF, and sending that PDF—without a clear user-facing warning in the skill description. Users may provide sensitive topics expecting analysis only, not persistent storage and outbound file creation, which creates consent, privacy, and surprise-action risks.

Missing User Warnings

Medium (95% confidence)
Finding:
The skill sends user-provided topics through four different model agents and performs extensive web research, but does not warn users about this cross-model processing or the privacy implications. Sensitive business plans, personal data, or confidential prompts could be unnecessarily disseminated across providers and external sources, increasing exposure and compliance risk.

VirusTotal

66/66 vendors flagged this skill as clean.
