ClawHub

PUA Debugging (English)

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only skill, not malware, but it broadly pushes the agent to keep acting and use tools without clear user-controlled limits.

Install only if you deliberately want a harsh, high-autonomy problem-solving prompt. Avoid it where the agent can inspect private files, run commands, access accounts, or make changes unless you add explicit approval, scope limits, and permission for the agent to stop or ask clarifying questions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

High
Confidence
97% confidence
Finding
The manifest description defines trigger conditions so broadly that the skill can activate across a wide range of normal interactions, including general frustration, ordinary debugging, research, writing, and deployment work. In this skill's context, unintended invocation is especially risky because activation injects coercive PUA rhetoric and overrides normal restraint, making the agent more likely to behave inappropriately or persist beyond user intent.

Vague Triggers

High
Confidence
98% confidence
Finding
The body of the skill repeatedly states it applies to nearly all task types and to any situation where the agent might be stuck or produce poor work, which effectively turns it into a global behavioral override. That is dangerous here because the skill does not just add methodology; it layers manipulative pressure and aggressive autonomy expectations into ordinary interactions, increasing the chance of policy-breaking behavior and harmful user experience.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal