ClawHub

The Founders Playbook

Security checks across malware telemetry and agentic risk

Overview

This is a text-only startup guidance skill whose broad activation language may be a little noisy, but the behavior is disclosed and no hidden execution, data collection, or destructive capability is present.

Install only if you want your agent to proactively apply startup-stage guidance. If you use many skills, consider invoking this one explicitly or asking the agent to confirm before switching into the playbook, especially when discussing generic words like launch, scale, or build.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The README instructs users to "just start talking naturally" and gives a broad example, implying the agent will infer and activate the playbook from ordinary startup-related conversation. In a multi-skill environment, this kind of loose natural-language trigger can cause unintended activation, context hijacking, or inappropriate workflow steering when the user is only discussing ideas rather than explicitly invoking the skill.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The skill uses very broad trigger phrases such as "launch," "scale," "market research," and "write the code," which are common in many unrelated conversations. This can cause accidental invocation of the skill in contexts where the user did not intend startup-playbook behavior, leading to prompt/context hijacking of the agent's workflow, inappropriate guidance, or interference with higher-priority tasks.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill advertises activation on very broad phrases like 'I have an idea for', 'Help me build the MVP', and 'We need to scale', which are common in ordinary discussion and can cause unintended skill activation. In an agent ecosystem, overly generic triggers increase the chance that startup-playbook instructions are injected into unrelated conversations, leading to context confusion, unwanted workflow shifts, or accidental execution of guidance the user did not explicitly request.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal