ClawHub

Hunt — Digital Bounty Hunter

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent hackathon-finding assistant with disclosed web browsing, local tracker updates, and reminder scheduling.

Use explicit commands like "find hackathons" or "show map" to avoid accidental activation. Review any separate packaged skill or CLI files before installing them, since this submitted artifact only contains markdown. Be careful with "clear map" or "reset map" because those commands archive the tracker and remove reminder jobs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
92% confidence
Finding
Using the single-word trigger "hunt" is overly broad and likely to appear in ordinary conversation, causing the skill to activate unintentionally. Because this skill can browse the web, write to files, and schedule reminders, accidental invocation could lead to unwanted network activity or state changes in the workspace.

Vague Triggers

High
Confidence
98% confidence
Finding
The trigger description is extremely broad, including phrases like 'anything related' to hackathons or digital nomad lifestyle. This can cause accidental invocation in ordinary conversation, leading the skill to perform network access, file writes, or scheduling actions without sufficiently explicit user intent.

Vague Triggers

Medium
Confidence
95% confidence
Finding
Using the single-word trigger 'hunt' is ambiguous and likely to collide with normal speech. In a system with automatic skill routing, this may invoke the skill unexpectedly and initiate browsing or other side effects based on casual language.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal