ClawHub

Union Ad Minimalist

Security checks across malware telemetry and agentic risk

Overview

This skill is a branded UnionSkill PPT generator whose visible behavior matches its stated purpose, with no evidence of credential access, hidden persistence, exfiltration, or destructive actions.

Install this only if you want UnionSkill-branded presentation outputs. Review the confirmed outline before generation, avoid providing sensitive or proprietary material unless you intend it to appear in the final deck, and verify the separate ppt-generator assembler dependency before using the Python packaging step.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill automatically injects UnionSkill branding, watermarks, metadata, and a cooperation note into deliverables, but this behavior is not clearly disclosed up front in the user-facing description. That creates a transparency and consent problem: users may unknowingly distribute branded or attribution-bearing files, which can cause reputational, contractual, or confidentiality issues in professional contexts.

Missing User Warnings

Low
Confidence
91% confidence
Finding
The skill states that it accepts user documents, conversation content, and reference materials, then extracts and reuses that content in generated outputs, but it does not clearly warn users that supplied material will be processed and incorporated into files. This can lead to accidental inclusion of sensitive, proprietary, or private information in images, PPTX content, or packaged deliverables.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal