Phy Influencer Research

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent influencer-research helper that searches public web sources and creates a local spreadsheet, with no evidence of hidden execution, credential use, exfiltration, or destructive behavior.

Install this only if you want an agent to run broad public web research for influencer outreach and create local Excel reports. Provide the niche, region, platforms, target count, and desired output location up front, and avoid autonomous mode if you want confirmation before assumptions or file creation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 94%
Finding
The trigger text is very broad, covering generic phrases like "find influencers" and "creator database," which can cause the skill to activate for ordinary research requests beyond the user's intended scope. In an agent system, over-broad activation increases the chance of unintended web searches, autonomous data collection, and file generation without clear user intent.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill instructs the agent to generate and save an Excel file to local storage but does not disclose that data will be written under a local output path. This can surprise users, create data retention/privacy issues, and lead to unwanted local artifacts, especially when the collected dataset includes personally identifying profile information and inferred attributes.

Natural-Language Policy Violations

Medium
Confidence: 90%
Finding
Defaulting region based on language infers locale from user characteristics without opt-in, which is a policy and privacy concern and can produce biased or incorrect targeting. In this skill, that inference directly affects who gets researched and included in outreach lists, so the assumption can materially alter outcomes without user awareness.

VirusTotal

No VirusTotal findings
