product-rnd

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The supplied artifacts describe an instruction-only product report-writing skill with no code or credentials, though its persuasive, assumption-based reports should be reviewed carefully.

This appears low risk from the supplied artifacts because it is instruction-only and does not request local access, credentials, installation, or code execution. Treat its outputs as polished drafts: verify claims, require citations, and ensure assumptions are clearly labeled before using reports for management, investor, or product decisions.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI09: Human-Agent Trust Exploitation
Low
What this means

Users may over-trust polished reports, especially for investor or management decisions.

Why it was flagged

The skill's stated purpose includes producing persuasive senior-decision reports, which is purpose-aligned but can make AI-generated analysis feel more authoritative than the underlying evidence supports.

Skill content

create professional, serious, visually appealing, logically clear, highly persuasive... reports... convince them to adopt your proposals

Recommendation

Ask the skill to label assumptions, separate sourced facts from estimates, and include uncertainty or evidence quality before sharing the report.

ASI09: Human-Agent Trust Exploitation
Low
What this means

Generated market or product claims may include plausible but unverified extrapolations.

Why it was flagged

The skill permits filling data gaps with assumptions, which is common in strategic analysis but should be clearly disclosed to avoid unsupported claims.

Skill content

Use industry-standard assumptions and experiential judgment when data is insufficient

Recommendation

Require citations where possible and have the output mark assumptions, estimates, and recommendations separately.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

Users have less external context for who maintains the skill or where to verify it.

Why it was flagged

The skill has limited provenance information, although the risk is reduced because the artifacts show no code files, install spec, dependencies, or required binaries.

Skill content

Source: unknown; Homepage: none

Recommendation

Review the skill text and publisher information before relying on it for important business work.