ClawHub

Ouroboros + Superpowers

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only development workflow skill with disclosed planning, editing, testing, and optional commit behavior, and no hidden scripts or credential access.

Install this only if you want a structured coding workflow that can guide file changes, tests, subagent work, and commits. Use specific triggers like "우로보로스", "ouroboros", "슈퍼파워", or "superpowers" when possible, and review the generated spec, plan, execution mode, diffs, and commits before approving changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger term "전체" is a common everyday Korean word meaning "entire/all," so it can easily appear in normal conversation unrelated to invoking this skill. Because the skill performs a multi-phase development workflow from Phase 1 to 5 when triggered, accidental activation could cause the agent to change behavior unexpectedly, start planning/execution flows, or bypass the user's intended interaction mode.

Vague Triggers

Medium
Confidence
92% confidence
Finding
Using common conversational words like "빨리" or "간단히" to switch into a shortcut mode is risky because users often say them as general preferences rather than as an instruction to alter safety or process rigor. In this skill, shortcut mode reduces questioning and may skip the spec phase, increasing the chance of acting on ambiguous requirements or changing workflow behavior without clear consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal