KOL Brief

Security checks across malware telemetry and agentic risk

Overview

This is a text-only marketing brief skill with disclosed compliance guidance; its main risk is that users must verify any advertising, safety, certification, or performance claims before using them.

Before installing, treat this as a drafting aid rather than legal or regulatory approval. For health, beauty, electronics, kids, food, supplements, pricing, or performance claims, require documented substantiation and approved claim language before sending briefs to creators.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The guide encourages creators to use concrete efficacy and certification-based claims such as visible results in fixed timeframes and FDA-cleared positioning, but it does not consistently require substantiation, jurisdiction-specific compliance review, or verification before those claims are inserted into briefs. In a creator-enablement skill, this can propagate misleading advertising, unsubstantiated health/beauty claims, and regulatory exposure at scale.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The worked examples include strong implied performance and child-related claims like cooling a nursery in 3 minutes and positioning around family use without any instruction to verify testing, safety, or suitability for infants/children. Because this skill is meant to generate creator briefs, unsupported examples can be copied directly into promotional content and create consumer safety, false advertising, and platform-policy risks.

VirusTotal

64/64 vendors flagged this skill as clean.
