Security audit

AI Prompt Optimization

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-writing helper made only of markdown templates and guidance, with no code execution or hidden data access.

This skill is low risk to install from the reviewed artifacts. Review prompts it produces before using them, avoid pasting secrets or sensitive business data into examples, and prefer requests for brief rationale or structured summaries instead of hidden internal reasoning.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Medium
Confidence: 93%
Finding
The skill description is broad enough to activate on many ordinary prompt-related requests without clear scoping boundaries. Over-broad activation can cause the wrong skill to engage, leading to unintended handling of user requests and increased exposure to unsafe prompt-engineering patterns, though it does not directly execute code or exfiltrate data.

Vague Triggers

Medium
Confidence: 91%
Finding
The instruction to act whenever users seek prompt optimization assistance is ambiguous and lacks precise routing conditions. This can cause inappropriate invocation across a wide set of benign conversations, increasing the chance that risky prompt techniques are suggested in contexts where they are unnecessary or conflict with safer system behavior.

Natural-Language Policy Violations

Medium
Confidence: 96%
Finding
The skill explicitly promotes chain-of-thought prompt design as a default capability and provides a template that asks the model to reveal internal reasoning steps. Encouraging chain-of-thought elicitation can conflict with safer model policies and may induce disclosure of internal reasoning or unsupported reasoning artifacts instead of concise answers or summaries.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.