ClawHub

Jobs-Ive

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only product and design critique guide with no evidence of code execution, credential access, persistence, or data movement.

Install this if you want a strong Apple-like product and design perspective. Be aware it may activate on broad requests such as simplifying copy or making product decisions, so treat its strategy, pricing, and design advice as a creative lens rather than authoritative business guidance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger list and description are broad enough to match many common requests like simplifying copy, naming products, or making strategic choices, which can cause the skill to activate outside narrowly intended contexts. Unintended invocation can override more appropriate skills or inject a strong opinionated persona into ordinary tasks, increasing the chance of misguidance or unsafe downstream behavior.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The activation section covers very broad everyday activities—product decisions, copywriting, simplification, pitching, and deciding between options—without meaningful constraints. In practice this makes the skill eligible for a large share of normal conversations, creating prompt-routing ambiguity and raising the risk that a forceful stylistic framework is applied where it is inappropriate or harmful.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal