ClawHub

Sticky Message Antipattern Detector

Security checks across malware telemetry and agentic risk

Overview

This is a writing-audit skill that reads a user-provided draft and writes a local diagnostic report, with no evidence of hidden execution, credential use, network access, or destructive behavior.

Use this for drafts you intentionally want audited. Because it writes a local antipattern-report.md, avoid running it on confidential text in shared workspaces unless you are comfortable with that report being saved there; delete or relocate the report afterward if needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
81% confidence
Finding
The activation language is extremely broad and includes many common writing-help prompts, which can cause the skill to trigger in contexts the user did not intend. That matters because the skill has file read/write behavior and may begin auditing, asking for files, or producing workspace artifacts for ordinary editing requests, creating unnecessary data exposure and unintended side effects.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The when-to-use section overlaps heavily with generic writing assistance scenarios and does not enforce a strong boundary between diagnosis and broader editing help. In an agent environment, ambiguous routing can misfire this skill on unrelated content, causing unnecessary processing of user documents and automatic report generation when a simpler, less invasive response was intended.

Missing User Warnings

Low
Confidence
76% confidence
Finding
Automatically saving `antipattern-report.md` to the user's workspace without a prominent user-facing warning creates an avoidable side effect. In shared or sensitive workspaces, even benign analysis artifacts can leak confidential draft content, persist unexpectedly, or overwrite user expectations about non-mutating analysis behavior.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal