app store optimization

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only App Store Optimization helper with marketing-advice cautions but no hidden code, data access, or automatic actions.

Reasonable to install for ASO help. Before publishing any recommendations, verify app store rules, trademark constraints, factual claims, social proof, and localized messaging; treat competitor and market observations as inputs to test, not automatic copy to ship.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger description is extremely broad and includes common phrases like "low downloads" or "competitor ranking" that can appear in ordinary business conversations. This can cause the skill to activate outside narrowly intended ASO contexts, increasing the chance of prompt hijacking, inappropriate routing, or disclosure of user context to a skill that was not actually needed.

Missing User Warnings

Low
Confidence: 89%
Finding
The guidance explicitly tells users to copy the exact words from competitor reviews into their own description copy. In an ASO/marketing skill, that can encourage misleading endorsement-style claims, inaccurate reuse of third-party statements, or plagiarism-like marketing behavior if the phrases imply real customer sentiment about the user's app. The skill context makes this more plausible because users are likely to operationalize the instruction directly into store metadata.

Natural-Language Policy Violations

Medium
Confidence: 95%
Finding
The guidance says users in specific countries 'respond to' certain messaging styles, which encodes unsupported cultural stereotypes as prescriptive advice. In an interactive ASO skill, this can systematically steer outputs toward biased localization decisions, producing discriminatory or low-quality market copy and normalizing profiling without evidence or user consent.

VirusTotal

58/58 vendors flagged this skill as clean.
