ClawHub

founder-playbook-web3

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only founder coaching skill; its main risks are broad activation wording and consequential startup/crypto advice, not hidden code or credential use.

Reasonable to install as a founder coaching aid. Do not treat it as professional legal, financial, mental-health, or investment advice, and do not share wallet secrets, credentials, private keys, or highly confidential business data. Verify time-sensitive startup, regulatory, fundraising, and crypto claims before acting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Vague Triggers

Medium
Confidence
96% confidence
Finding
The manifest description says the skill triggers on phrases like "should I", "help me think through", "is this the right move", and "what am I missing." These are common conversational phrases used in many contexts outside startup-founder coaching, and the file does not provide exclusion conditions or tighter constraints on when the skill should or should not activate.

Scope Creep

Low
Category
Excessive Agency
Content
permissions granted by this License.

"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation source, and
configuration files.

"Object" form shall mean any form resulting from mechanical transformation or
Confidence
70% confidence
Finding
not limited to

Scope Creep

Low
Category
Excessive Agency
Content
configuration files.

"Object" form shall mean any form resulting from mechanical transformation or
translation of a Source form, including but not limited to compiled object
code, generated documentation, and conversions to other media types.

"Work" shall mean the work of authorship, whether in Source or Object form,
Confidence
70% confidence
Finding
not limited to

Scope Creep

Low
Category
Excessive Agency
Content
Entity authorized to submit on behalf of the copyright owner. For the
purposes of this definition, "submitted" means any form of electronic, verbal,
or written communication sent to the Licensor or its representatives,
including but not limited to communication on electronic mailing lists, source
code control systems, and issue tracking systems that are managed by, or on
behalf of, the Licensor for the purpose of discussing and improving the Work,
but excluding communication that is conspicuously marked or otherwise
Confidence
70% confidence
Finding
not limited to

Scope Creep

Low
Category
Excessive Agency
Content
writing, shall any Contributor be liable to You for damages, including any
direct, indirect, special, incidental, or consequential damages of any
character arising as a result of this License or out of the use or inability to
use the Work (including but not limited to damages for loss of goodwill, work
stoppage, computer failure or malfunction, or any and all other commercial
damages or losses), even if such Contributor has been advised of the
possibility of such damages.
Confidence
70% confidence
Finding
not limited to

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal