ClawHub

Product Sampling Strategy

Security checks across malware telemetry and agentic risk

Overview

This is a marketing planning skill with expected customer-data and tracking guidance, but no executable code, hidden behavior, credential handling, or automatic account changes.

Reasonable to install as a planning guide. Before letting an agent execute the plan in connected tools, require explicit approval for CRM tags, tracking pixels, discount codes, landing pages, analytics changes, direct-mail lists, or use of customer/prospect data, and confirm privacy notice, consent, and legal compliance requirements.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This is a markdown file, so SQP-2 applies to missing user-facing warnings about behaviors that could affect privacy or user data. The guidance recommends installing conversion pixels, tagging sample recipients in a CRM, and tracking digital touchpoints, but it does not mention consent, privacy notice obligations, or careful handling of customer data.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This markdown template instructs users to define qualification criteria and data sources for audience targeting, which implies use of customer or prospect data. It does not include any warning or note about privacy, consent, or appropriate handling of personal data, despite the file also covering CRM-based segmentation and tracking workflows.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The checklist explicitly calls for conversion pixels, CRM tags, landing pages, and analytics dashboards, all of which can affect user privacy and data collection practices. The markdown provides operational guidance but omits any disclosure or caution about consent, disclosure obligations, or responsible tracking configuration.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal