ClawHub

Ackerman Bargaining Planner

Security checks across malware telemetry and agentic risk

Overview

This is mostly a normal negotiation-planning skill, but it includes a worked kidnapping ransom example that is outside its stated lawful commercial scope.

Install only if you are prepared to constrain this skill to lawful commercial, employment, procurement, consumer, or real-estate negotiations. Do not use it for ransom, hostage, extortion, coercive, criminal, or physical-safety situations; those require appropriate authorities or trained crisis professionals. Review any generated ackerman-plan.md before relying on it, especially where the skill has filled in missing facts or assumed counterpart incentives.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The skill includes a detailed kidnapping ransom negotiation example even though the skill is presented as a general buyer-side bargaining planner. That materially broadens the capability into violent-crime/extortion support and can normalize or operationalize harmful conduct beyond the stated commercial scope.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
This section provides operational guidance for conducting a ransom negotiation, including target setting, staged concessions, calibrated questions, and a culturally tailored noncash concession. That is actionable assistance for an extortion scenario and could directly facilitate harm in a high-risk violent context.

Missing User Warnings

Low
Confidence
83% confidence
Finding
The skill instructs the agent to write an `ackerman-plan.md` artifact but does not clearly disclose to the user that it will create or modify a workspace file. Unexpected file writes can violate user expectations, create confusion about side effects, and in some environments overwrite prior work.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill says it may generate estimated counterpart asks or plausible noncash options when inputs are missing, but it does not clearly warn that these are assumptions rather than verified facts. In a negotiation-planning tool, fabricated inputs can mislead users into making poor real-world decisions based on invented constraints or anchors.

Natural-Language Policy Violations

High
Confidence
98% confidence
Finding
The natural-language example extends the skill into kidnapping ransom negotiation and presents the method as effective under extreme pressure. Because it is framed as a worked example inside a reusable skill, it meaningfully lowers the barrier to applying the tool in violent-crime/extortion scenarios.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal