Internal Comms Anthropic

Security checks across malware telemetry and agentic risk

Overview

This skill is a non-executable writing aid, but it encourages broad use of workplace Slack, email, calendar, and document sources without clear limits.

Install only if you are comfortable with the agent using connected workplace tools for drafting. Give explicit limits for sources, channels, documents, mailboxes, people, and date ranges, and review drafts carefully before sharing. Avoid private inboxes, restricted documents, HR/legal/security topics, customer data, and personal data unless you are specifically authorized to use them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Vague Triggers

Medium
Confidence: 88%
Finding
The skill description says it should be used whenever asked to write internal communications and lists many categories, which creates a broad routing surface. In an agentic system, this can cause the skill to activate on loosely related or ambiguous writing requests, increasing the chance that untrusted skill instructions influence outputs when the user did not explicitly request this skill.

Vague Triggers

Medium
Confidence: 91%
Finding
The keyword list includes generic terms such as 'updates' and 'weekly update' without strong qualifiers, which can over-trigger the skill for ordinary writing tasks unrelated to sanctioned internal communications. Overbroad keyword activation can misroute prompts and expose the model to unnecessary instruction precedence from this skill, reducing reliability and creating prompt-injection-style routing risk.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly directs the agent to pull content from Slack, Google Drive, Email, and Calendar to compose an update, but it does not require user confirmation, least-privilege scoping, or any warning that sensitive workplace data may be accessed. In an enterprise setting, this can cause the agent to collect and summarize confidential information from broad internal sources beyond what the user expected, increasing the risk of unauthorized data exposure in generated communications.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill explicitly directs the agent to search Slack, email, calendar, documents, and external press for company-wide content, which can cause the agent to access and synthesize sensitive internal information without an explicit user confirmation or least-privilege boundary. In a company-wide newsletter context, this increases the risk of over-collection, inclusion of confidential material, and exposure of data from executive communications or broadly attended meetings that were not intended for redistribution.

VirusTotal

64/64 vendors flagged this skill as clean.
