ClawHub

Peer Reviewed Parent

Security checks across malware telemetry and agentic risk

Overview

This skill does not run code or request access, but it overstates the quality of its evidence for infant-care guidance.

Install only if you treat it as educational support, not medical guidance. Verify citations yourself, especially where answers concern sleep safety, feeding, allergens, illness, injury, fever, breathing, or developmental concerns, and consult a pediatrician or emergency resources for medical decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The source list materially contradicts the skill's safety and quality claim that responses use only peer-reviewed research from top medical journals. It includes blogs, commercial sites, institutional webpages, ResearchGate duplicates, news articles, and other non-peer-reviewed materials, which can mislead users into trusting advice as medically rigorous when it may not be. In a parenting skill for infants and toddlers, that mismatch increases the risk of unsafe or inappropriate guidance on sleep, feeding, allergens, discipline, and development.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The README states that the skill activates automatically for broad parenting, child development, or infant care topics, which can cause unintended invocation on common conversations without explicit user intent. In a parenting context this is not inherently malicious, but it can lead to overreach, user confusion, and unrequested guidance in a sensitive health-adjacent domain affecting infants and toddlers.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill description is triggered by very broad phrases such as 'any parenting question for children under 2,' plus many common topics like sleep, feeding, and screen time. This can cause over-activation in ordinary conversation, routing users into a highly prescriptive skill unexpectedly and increasing prompt-scope hijacking or incorrect tool selection risk, especially in a system with many overlapping skills.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal