AI Transformation Sprint

Security checks across malware telemetry and agentic risk

Overview

This is a Markdown-only planning skill for AI adoption in engineering teams, with no executable install behavior or hidden data access.

Safe to install as a planning/template skill. Before adopting its recommendations, validate productivity claims with a small pilot, avoid sharing unnecessary sensitive code or business data with AI tools, and require human approval plus rollback plans for automated documentation, testing, review, or custom-agent workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers
Medium, 92% confidence
Finding:
The skill description is broad enough to match many generic requests about AI adoption, tooling, workflow improvement, or productivity, which can cause the agent to activate this skill outside its intended niche. Over-broad activation increases the chance of inappropriate context capture, irrelevant guidance, or interference with more suitable specialized skills, especially in enterprise environments discussing development processes.

Vague Triggers
Medium, 89% confidence
Finding:
The invocation examples are highly open-ended and encourage broad prompting patterns such as 'design AI workflow' or 'generate training materials for a role', without defining constraints or exclusion criteria. This makes the skill easier to invoke accidentally for loosely related requests, increasing misrouting risk and potentially causing the model to produce authoritative transformation plans where a narrower or safer workflow would be more appropriate.

Missing User Warnings
Medium, 87% confidence
Finding:
The roadmap explicitly describes a workflow where 'AI updates relevant docs (auto)' after code changes, but it does not warn that project files may be modified automatically or require explicit guardrails beyond a brief engineer review. In an AI-adoption skill, encouraging automatic file modification without clear approval boundaries, scope restrictions, or rollback controls can lead to unintended or unsafe repository changes at scale.

VirusTotal

65/65 vendors flagged this skill as clean.
