Marketing Mode

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed marketing-advice mode with a broad but coherent marketing persona and no artifact-backed evidence of malicious behavior.

Install this if you want a marketing-focused assistant mode. Before using the npm install path, inspect or trust the external npm package publisher because global npm installs can run package code; the ClawHub skill artifacts themselves appear coherent and purpose-aligned.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The activation condition, "When users want marketing help, switch to this mode," is broad and underspecified, which can cause the agent to enter marketing mode for loosely related requests. Overly broad routing increases the chance of inappropriate persona takeover, misclassification of user intent, and leakage of this skill's behavioral instructions into contexts where they do not belong.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal