ClawHub

Spin Discovery Question Planner

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only sales planning skill that reads deal documents and writes a question bank, with no code execution, network use, credential handling, or hidden behavior found.

Safe to install for B2B sales-call preparation. Review the input files you provide because deal briefs, account research, and needs logs may contain confidential business information, and consider tightening the broad trigger wording or correcting the unrelated crypto/purchase metadata tags before publishing broadly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
85% confidence
Finding
The example trigger phrase is so generic that it overlaps with common everyday planning prompts and could spuriously invoke this skill for unrelated meeting prep. In the context of agent skill routing, ambiguous natural-language triggers are dangerous because they increase false activations, causing the agent to follow the wrong workflow and potentially produce unsuitable advice based on incomplete or irrelevant sales artifacts.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The example trigger phrase is so generic that it overlaps with common everyday planning prompts and could spuriously invoke this skill for unrelated meeting prep. In the context of agent skill routing, ambiguous natural-language triggers are dangerous because they increase false activations, causing the agent to follow the wrong workflow and potentially produce unsuitable advice based on incomplete or irrelevant sales artifacts.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal