ClawHub

Fab Statement Classifier

Security checks across malware telemetry and agentic risk

Overview

This is a document-review skill for classifying sales statements, with no code execution, credentials, network use, payments, crypto operations, or destructive behavior in its artifacts.

Before installing, note that this skill will read the sales documents you provide and write an audit report, so avoid giving it confidential customer data unless that is intended. Review the separate dependent skill, need-type-classifier, if you install it too. The mismatched crypto/purchase metadata tags are not reflected in the actual skill instructions, but users may want the publisher or platform to correct them for clarity.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
- "Correctly requires a prior customer-expressed Explicit Need before allowing Benefit classification"
      - "Flags the industry-wide pattern of labeling Advantages as Benefits"
    what_baseline_misses:
      - "Calls any statement showing value a 'Benefit' without checking for an Explicit Need"
      - "Treats implied needs ('they mentioned this problem') as sufficient basis for a Benefit"
      - "Does not distinguish between Type A and Type B definitions or flag the naming confusion"
---
Confidence
75% confidence
Finding
without checking

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal