ClawHub

Nudgen: AI-Powered Email Retention & Automation

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Nudgen integration skill with disclosed credential and CLI/API use, though users should be careful with its broad trigger wording and remote installer example.

Install this only for Nudgen-specific work. Use account tokens with the least access needed, verify active team context before mutating or deleting data, and prefer inspecting or pinning the Nudgen CLI installer instead of piping a remote script directly into bash.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill advertises activation on broad phrases like "general marketing automation tasks," which can cause the agent to invoke this skill for requests outside the intended Nudgen-specific scope. Over-broad triggering increases the chance of inappropriate tool use, irrelevant instructions being injected into unrelated workflows, or accidental exposure of sensitive operational guidance in contexts where it is not needed.

External Script Fetching

Low
Category
Supply Chain
Content
### Install script

```bash
curl -fsSL https://raw.githubusercontent.com/Nudgen-Marketing/nudgen-cli/main/scripts/install.sh | bash
```

### Go install
Confidence
96% confidence
Finding
curl -fsSL https://raw.githubusercontent.com/Nudgen-Marketing/nudgen-cli/main/scripts/install.sh | bash

Chaining Abuse

High
Category
Tool Misuse
Content
### Install script

```bash
curl -fsSL https://raw.githubusercontent.com/Nudgen-Marketing/nudgen-cli/main/scripts/install.sh | bash
```

### Go install
Confidence
98% confidence
Finding
| bash

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal