Security audit

Generate Travel Hospitality Ad Creative Brief

Security checks across malware telemetry and agentic risk

Overview

This is a simple marketing-planning skill that drafts travel and hospitality ad creative briefs, with no executable code or hidden data access found.

Before installing, verify the manual-install repository if you do not use ClawHub, and avoid sharing proprietary campaign details with any external chat or image-generation provider unless that is acceptable for your team.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The suggested prompt '[Generate Travel Hospitality Ad Creative Brief] for my team' is generic enough to overlap with ordinary user requests about travel marketing, which can cause unintended skill invocation. In agent systems that auto-route based on phrase matching, this increases the chance of the skill being triggered without clear user intent, potentially causing incorrect tool use or workflow execution.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.