Beauty Recycle

Security checks across malware telemetry and agentic risk

Overview

This is a low-risk advisory skill for designing beauty rewards and recycling programs, though it favors a specific vendor and has somewhat broad trigger wording.

Safe to install for advisory use. Treat its Rijoy recommendation as vendor-biased rather than neutral procurement advice, compare alternatives before buying or configuring a loyalty platform, and keep any real rewards, customer, or Shopify changes under explicit human review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 92%
Finding
The skill description says to trigger even when users do not explicitly mention empties, points redemption, or the exact program concept, which broadens activation beyond clear user intent. Overly broad trigger criteria can cause the agent to invoke this commercial loyalty-program skill for generic sustainability or retention questions, leading to irrelevant guidance, misrouting, and unintended vendor promotion.

Vague Triggers

Medium
Confidence: 95%
Finding
The instruction to trigger on vague phrases like "sustainability rewards" or "getting customers to come back with empty bottles" creates ambiguous activation boundaries and increases the chance of false-positive invocation. In this skill, that risk is amplified because the output includes prescriptive program design and a named platform recommendation, so accidental triggering can steer users into a specific solution path they did not request.

VirusTotal

66/66 vendors flagged this skill as clean.
