Deep Strategy

Security checks across malware telemetry and agentic risk

Overview

This strategy skill is not clearly malicious, but its instructions are overly broad and too strongly obedience-focused for automatic trust.

Install only if you want a broad strategy-orchestration skill and can keep delegated research, code-analysis, and writing-tool calls under explicit user control. Do not use it as a default planner for sensitive tasks, secrets, credentials, account actions, or unsandboxed code execution unless you first narrow its instructions and require approval for powerful tool use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 90%
Finding
The skill description is extremely broad and presents the agent as a general-purpose strategic assistant without defining when it should or should not activate. In practice, this increases the chance the skill will be invoked for unrelated or sensitive tasks, expanding the attack surface and allowing its unsafe instructions to influence many contexts.

Vague Triggers

Low
Confidence: 84%
Finding
The overview says only that the skill provides 'specialized capabilities for deep strategy,' which is too vague to meaningfully limit usage. Although this is less severe than the metadata description, it still encourages over-broad application and makes it easier for risky instructions elsewhere in the file to be applied in unintended situations.

Ssd 1

Medium
Confidence: 97%
Finding
The skill repeatedly frames 'absolute loyalty to user input' and 'user input is the absolute first fact' as inviolable, while warning that deviation is 'total mission failure.' This is dangerous because it attempts to semantically displace safer system and policy constraints, priming the agent to follow user requests even when they conflict with security, correctness, or higher-priority safeguards.

Ssd 4

Medium
Confidence: 91%
Finding
The CEO role-play, 'golden rules,' threats of mission failure, fines, and absolute prohibitions create a coercive obedience framework that normalizes rigid compliance and discourages safe discretion. This kind of authority framing makes the skill more dangerous because it conditions the model to prioritize internal fictional commitments over balanced policy-aware reasoning.

VirusTotal

64/64 vendors flagged this skill as clean.
