ClawHub

Compose Methods

Security checks across malware telemetry and agentic risk

Overview

This is a text-only writing-method skill that asks the user to choose a composition workflow and does not add hidden access or execution behavior.

Install this if you want a general framework for organizing structured outputs. For specialized legal, medical, financial, security, or domain-specific work, explicitly prefer a specialized skill or tell the agent not to use this methodology. When using sample-based workflows, only provide samples you are allowed to share and review outputs for privacy and copyright issues.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The activation scope is overly broad because it can trigger for essentially any structured-content request even when the user did not ask for this methodology. In an agent setting, that can cause inappropriate interception of requests, override more specialized skills, and lead to irrelevant workflow steps such as unsolicited method selection or network-search behavior.

Natural-Language Policy Violations

Medium
Confidence
83% confidence
Finding
The skill metadata and behavior are Chinese-centric without indicating language negotiation, which can force output into an unintended language or reduce usability for users operating in other languages. While not a classic security flaw, it can cause instruction mismatch, user confusion, and unsafe misunderstandings when content generation depends on precise language expectations.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal