ClawHub

Mova Churn Prediction

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed churn-analysis workflow that uses customer data through MOVA, with human approval before retention actions.

Install only if your team is authorized to run churn profiling on the selected customer segment. Before connecting live systems, verify MOVA’s data retention, audit storage, consent/legal-basis checks, and who can approve campaign launches.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger description is broad enough to match ordinary business-analysis requests, which can cause the skill to activate in situations where the user did not explicitly intend to invoke a churn-profiling workflow. In this skill, unintended activation matters because it initiates access to customer behavior signals and profiling logic, creating privacy, compliance, and authorization risks even if a later human approval gate exists for campaign launch.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The 'When to trigger' section lists positive examples but does not define boundaries or negative examples, so an agent may over-trigger on loosely related customer-success or analytics prompts. In this context, over-triggering is more dangerous because the skill handles customer profiling and sends segment and behavior-derived data through external connectors, making accidental invocation a meaningful privacy and governance issue.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal