ClawHub

Curiosity Gap Architect

Security checks across malware telemetry and agentic risk

Overview

This is a self-contained copywriting skill for improving opening hooks, with only mild activation-scope concerns and no evidence of hidden execution or data exfiltration.

Install this if you want an agent to help rewrite the opening of drafts, emails, posts, talks, or ads. Use it in project folders where the draft and brief are safe for the agent to read, and be aware it may trigger on broad requests about making writing more interesting. The crypto and purchase labels appear inaccurate based on the skill text.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The skill metadata includes a very large set of natural-language trigger phrases such as 'what's my opening line', 'I need to get attention', and 'this is boring how do I make it interesting', many of which are common conversational requests. In systems that auto-discover or auto-invoke skills based on prompt matching, this breadth can cause unintended activation, routing user content into a marketing/persuasion workflow when the user did not explicitly request it.

Vague Triggers

Low
Confidence
83% confidence
Finding
The example trigger 'Help me, this is boring, nobody's going to read past the first line.' is broad enough to overlap with ordinary drafting frustration and may be matched outside the intended domain. While this is only documentation, examples often feed retrieval, indexing, or trigger heuristics, so broad wording can still widen activation surface.

Vague Triggers

Low
Confidence
80% confidence
Finding
The example trigger 'This reads like every other nonprofit letter. How do I make it actually land?' is somewhat open-ended and could match general writing-improvement requests rather than specifically hook design. In an agent environment, such ambiguity can cause the skill to be selected when broader messaging, editing, or fundraising-review skills would be more appropriate.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal