ClawHub

Content Marketing for Founders

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only content marketing skill with some language consistency issues, but no evidence of hidden code, credential access, persistence, or data exfiltration.

Install only if you want a strongly opinionated content-marketing assistant, especially for founder and Web3 content. Expect some Spanish-language prompts or examples unless the agent adapts them. Do not provide wallet seed phrases, private keys, customer secrets, or unpublished sensitive business data as content examples.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrases are broad enough to activate the skill for generic requests such as 'help me with my content' or 'write a post for me,' which can cause unintended routing away from more appropriate skills. This creates a prompt-scope and reliability issue: once activated, the skill imposes strong workflow and style directives that may steer the assistant incorrectly or degrade user experience.

Natural-Language Policy Violations

Medium
Confidence
87% confidence
Finding
The skill mixes Spanish-language directives and examples into an otherwise English skill without checking the user's language preference. This can cause confusing, inconsistent outputs and may reduce the user's ability to review or safely use generated content, especially in business or public-facing copy workflows.

Natural-Language Policy Violations

High
Confidence
97% confidence
Finding
These lines make Spanish prompts mandatory before writing, regardless of the user's language, which can force the assistant into an unintended language mode. Because this requirement is in a mandatory intake path, it can systematically disrupt user interaction, create misunderstandings, and produce unusable or noncompliant outputs for users expecting English or another language.

Natural-Language Policy Violations

Medium
Confidence
89% confidence
Finding
The general rules include Spanish-only requirements for Web3/crypto users without any language preference handling, which can make the skill produce mismatched language outputs across modules. In a content-generation system, this undermines predictability and can lead to accidental publication of the wrong-language copy or poor user comprehension.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal