ClawHub

Learn Occam

Security checks across malware telemetry and agentic risk

Overview

This is a simple learning-prioritization prompt skill with no executable code or sensitive access.

Install this if you want an opinionated assistant strategy for deciding what is worth learning now. It may push conversations toward time, ROI, and minimal-useful-learning decisions, but it does not add code execution, persistence, credentials, or sensitive data access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill metadata describes very broad trigger scenarios such as indecision about what to learn, how deep to go, or how to allocate time and effort. These are common conversational situations, so the skill could activate too often and steer ordinary chats into a prescriptive decision framework the user did not explicitly request. In this context the risk is prompt-scope overreach rather than direct system compromise.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The '何时用' section says the skill applies when a user is纠结 about whether to learn something or where to invest effort, but it does not define strict trigger constraints. That ambiguity increases the chance of unsolicited activation in normal discussion, causing the agent to redirect the conversation or impose a narrow optimization lens without clear consent. The surrounding content reinforces forceful behavior with phrases like '逼问一句' and '刹车,' which makes accidental activation somewhat more disruptive.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal