ClawHub

Ai Starter

Security checks across malware telemetry and agentic risk

Overview

This is a text-only brainstorming skill with broad example prompts, but it does not install code, access data, or take actions outside ideation guidance.

Install this if you want a lightweight brainstorming prompt library. Use explicit invocation or manual routing if you want tighter control, because some example prompts are common phrases that may activate more often than intended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
96% confidence
Finding
The trigger phrases in the 'When to Use' table are extremely generic brainstorming and conversation patterns such as 'What if...' and 'Go deeper on...'. In a skill-routing system, this can cause unintended invocation during ordinary user interactions, leading to prompt hijacking of the user flow, wrong tool selection, or accidental exposure of the skill's instructions in contexts where it was not intended.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The usage guidance is broadly framed as a general-purpose thinking companion without constraints, making it applicable to a very wide range of normal conversation. That broad scope increases the chance that an orchestrator or agent will activate this skill in situations where brainstorming was not requested, creating confusion and potentially interfering with higher-priority or safer skills.

Vague Triggers

Medium
Confidence
97% confidence
Finding
The quick-start prompts are highly generic phrases like 'What else could...' and 'What's the next step?' that naturally appear in many unrelated conversations. If used as activation cues, they materially increase the risk of accidental triggering, which can disrupt task routing, override more suitable skills, and create unreliable agent behavior.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal