ClawHub
Back to skill

Security audit

Pricing Strategy

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only pricing strategy skill with no executable code, installs, credentials, or hidden behavior.

Safe to install as a pricing advisor. Before using it, review any `.agents/product-marketing-context.md` or `.claude/product-marketing-context.md` file because the skill may use private or outdated product and business information when generating recommendations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The skill description is very broad and includes many common pricing-related phrases, which can cause the agent to invoke this skill in situations where a more specialized or safer skill would be more appropriate. This is not directly malicious, but overbroad routing can lead to context confusion, mis-scoped advice, and reduced reliability of downstream behavior.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The eval explicitly rewards the skill for triggering on vague, casual phrasing without defining tighter scope boundaries. That can cause over-broad activation, where unrelated user queries are routed into pricing-strategy and receive the wrong guidance, increasing the chance of misclassification and unsafe or low-quality downstream behavior. In this skill context, the risk is operational rather than code-execution, but broad triggers in agent routing are still meaningful because they can systematically bypass the more appropriate specialized skill.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal