Security audit

Kano Model Strategist

Security checks across malware telemetry and agentic risk

Overview

This is a text-only product strategy skill that helps classify and prune features, with no executable code, credential use, network access, or hidden behavior found.

Install this if you want an opinionated product-prioritization helper. Be aware it may activate on general backlog or stakeholder-scope discussions, so invoke it intentionally when you want Kano-style pruning rather than neutral project management advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger list includes very broad natural-language phrases such as "cut features" and "is this a must-have," which can cause the skill to activate during ordinary product conversations rather than only when explicitly requested. This creates prompt-scope confusion and can steer an agent into applying this skill in unintended contexts, potentially disrupting workflows or overriding a more appropriate task-specific process.

Vague Triggers

Medium
Confidence: 91%
Finding
The frontmatter trigger 'on demand — when a feature is Indifferent / Reverse but the user (or their leadership) is pushing for it' is broad and conversational, so an agent may load this file during many ordinary product-planning or stakeholder-disagreement discussions. That expands the conditions under which persuasive pushback scripts are injected into the workflow, increasing the chance of unintended behavior or context drift beyond narrowly scoped Kano classification tasks.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.