Prospecting Ratio Manager

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only sales analysis skill that reads user-provided pipeline/activity data and writes local markdown reports, with no evidence of hidden execution, exfiltration, or destructive behavior.

Install with normal caution. Use it with pasted numbers or in a workspace containing only the activity, CRM export, or pipeline files you want analyzed. Review before allowing it to write reports if existing ratio-dashboard.md or daily-tracker.md files matter, and stop if an agent asks for credentials, external transmission, purchases, or unrelated account access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 89%
Finding
The top-level description uses expansive phrases like 'even if they do not use those exact words' and covers many common sales topics, which can cause the skill to auto-trigger outside its intended narrow analytical use case. In an agentic environment, overbroad routing increases the chance the skill reads local files or produces outputs when the user did not explicitly ask for ratio analysis, creating unintended data handling and workflow side effects.

Vague Triggers

Medium
Confidence: 87%
Finding
The trigger list contains generic phrases such as 'close rate,' 'sales numbers,' 'pipeline health,' and 'why am I in a slump,' which overlap heavily with ordinary sales conversations. This makes accidental invocation more likely, and because the skill is designed to inspect workspace files and normalize user data, misrouting can expose or process information unnecessarily.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill instructs creation of `ratio-dashboard.md` and `daily-tracker.md` in the working environment but does not tell the user that files will be written or obtain consent first. In shared or sensitive workspaces, silent file creation can overwrite existing notes, leave behind sensitive sales metrics, or violate user expectations about side effects.

VirusTotal

66/66 vendors flagged this skill as clean.
