ClawHub
Back to skill

Security audit

Generate Independent Insurance Agency Client Education Handout

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only skill for drafting insurance client education handouts, with no hidden execution, persistence, credential handling, or destructive behavior found.

Install through ClawHub if you need a drafting aid for general insurance education handouts. Review all generated content for accuracy, jurisdiction, carrier/product specifics, and compliance before sharing with clients, and verify the external GitHub repository if using the manual install instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The skill description is overly broad and says to use the skill for unspecified client education work without defining boundaries, required inputs, or disallowed scenarios. In an agentic system, vague invocation criteria can cause the skill to be selected in inappropriate contexts, leading to inaccurate insurance guidance, misleading client-facing content, or automation of regulated communications without adequate review.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The 'Use When' section provides only a generic audience and broad task category, but no constraints on topic, risk level, or approval requirements. This increases the chance an agent will invoke the skill for sensitive insurance communications where errors, omissions, or noncompliant explanations could create client harm or regulatory exposure.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.