ClawHub

竞品分析器 Competitor Analyzer

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent competitor-analysis prompt with proportionate web research and report-writing behavior, but users should avoid sharing confidential strategy if they do not want it reused as context.

Install is reasonable for ordinary competitor research. Do not provide confidential roadmap, pricing, strategy, or sensitive competitor intelligence unless you are comfortable with that context being used for the analysis and possibly reused for personalization; review generated reports before sharing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly states it will remember user industry, product positioning, prior competitors, and reporting preferences, but provides no user-facing disclosure, consent flow, retention limit, or opt-out. Even though the data is business-oriented rather than obviously sensitive, it can still reveal confidential strategy, market focus, and internal planning information, creating privacy and confidentiality risk if retained or reused unexpectedly.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
This second memory section reinforces persistent storage and learning from user data without any privacy warning, deletion mechanism, or consent boundary. Repetition makes the behavior more concerning because it normalizes ongoing retention of business context and user preferences, increasing the chance of unauthorized profiling, cross-session reuse, or leakage of proprietary information.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal