ClawHub

Prospecting Message Crafter

Security checks across malware telemetry and agentic risk

Overview

This is a sales-message drafting skill that reads user-provided prospecting material and writes one local output file, with no executable code or hidden credential use found.

Install is reasonable if you want help drafting prospecting outreach. Use it in a directory where creating or overwriting prospecting-message-output.md is acceptable, provide only prospect/customer data you are allowed to use, and review generated messages for accuracy, consent, and anti-spam compliance before sending.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Low
Confidence
92% confidence
Finding
The skill explicitly writes `prospecting-message-output.md` to the working directory but does not clearly warn the user in the human-facing markdown that local files will be created or modified. This is a real but low-severity safety issue because unexpected file writes can overwrite user work, create artifacts in sensitive directories, or violate user expectations about agent behavior.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The skill requires `Read`, `Write`, and `Grep` over user files and references scanning materials in the working directory, yet it lacks a clear privacy and file-access notice in the user-facing markdown. While the intended use is legitimate for drafting sales messages, undisclosed access to local files can expose unrelated sensitive content and create unnecessary privacy risk if the agent reads more than the minimum required inputs.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The content explicitly recommends using the word "because" to increase compliance by triggering an automatic response pattern in prospects. Even in a sales-training context, this is a persuasion technique framed around exploiting reflexive behavior rather than informed consent, which can enable manipulative outreach at scale.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal