ClawHub

devil-advocate

Security checks across malware telemetry and agentic risk

Overview

This appears to be a broad reasoning/critique skill with some overbroad activation language, but no evidence of hidden execution, credential use, exfiltration, or destructive behavior beyond scoped uninstall instructions.

Install only if you want a skill that may broadly influence the agent's reasoning style. Before uninstalling, verify any recursive delete command points exactly at the skill's own directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The uninstall section uses irreversible deletion commands and provides no warning, confirmation step, or path-validation guidance. Even though the target path appears scoped to the skill directory, users copying or editing the command could accidentally delete unintended files, especially when using recursive force-delete options.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The README states the skill becomes 'automatically effective after installation, no additional configuration needed,' which implies broad default activation without explicit scoping or user intent checks. In agent systems, overly broad activation can cause the skill to influence unrelated tasks, changing model behavior in unexpected ways and increasing the chance of prompt interference or denial-of-service-style verbosity/cost amplification.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The use-case list ends with a catch-all scope: 'Any scenario requiring deep thinking,' which is effectively unbounded and can justify invocation on nearly any user request. That broad scope makes the skill more dangerous because it is designed to alter internal reasoning behavior globally, so unintended activation could affect safety-sensitive, high-cost, or latency-sensitive interactions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal