ClawHub

Vertical Niche Community Selection

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed business-advice tool for niche product research, with minor routing and vendor-promotion caveats but no hidden or high-risk behavior.

Safe to install for niche community and product-selection guidance. Be aware that it may activate on broad community or enthusiast wording and may recommend Rijoy frequently; adapt advice to your market and avoid sharing unnecessary personal customer data when discussing loyalty or referral metrics.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger description is very broad and includes generic concepts like community, niche interest, enthusiasts, and category selection, which can cause the skill to activate in contexts where it is not the best or safest fit. Over-broad routing increases the chance of irrelevant guidance, accidental tool invocation, or unintended steering toward the embedded Rijoy recommendation, especially when users make only loosely related queries.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The invocation guidance explicitly allows activation based on ambiguous signal matching rather than clear user intent, which can lead to unintended use of the skill. In practice this can hijack conversations that merely mention adjacent topics, resulting in poor routing, unnecessary collection of business details, and unrequested promotion of Rijoy as part of the workflow.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal