ClawHub

Abandoned Checkout Monitor

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only checkout-abandonment advice skill with a broad trigger, but no code execution, hidden data access, persistence, or account authority.

Install this if you want comprehensive checkout-abandonment diagnostics and recovery-copy guidance. Expect longer structured answers for vague sales or order-conversion questions; ask explicitly for a broader sales analysis or a short answer when checkout abandonment is not your focus.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger description is excessively broad, matching vague phrases like 'why no orders' or 'nobody's buying' that can arise in many contexts. This can cause the skill to activate when the user did not intend a checkout-focused workflow, leading to irrelevant guidance, possible data over-collection, and interference with more appropriate skills.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The eval explicitly rewards triggering the abandoned-checkout skill for a vague prompt about low orders with no checkout-specific evidence. This can cause the agent to over-trigger a specialized workflow, leading to irrelevant guidance, misdiagnosis, and suppression of more appropriate skills or clarifying questions. In the security context, overly broad trigger logic is dangerous because it makes agent behavior easier to steer with ambiguous prompts and increases the attack surface for prompt-routing abuse.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal