ClawHub

Human Behavior OS

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent marketing and behavior-analysis guide, but it broadly teaches behavior-influence tactics across sensitive domains without clear ethical, consent, or truthfulness boundaries.

Review this skill before installing if you work in healthcare, finance, politics, education, minors' products, crisis support, or other high-stakes contexts. It should only be used for transparent, truthful, consent-respecting marketing or product analysis, and users should add their own rules against deception, false urgency or scarcity, targeting vulnerable people, and manipulative emotional pressure.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

High
Confidence
95% confidence
Finding
The invocation description is extremely broad, covering behavior analysis, conversion, persuasion, growth, and campaigns across nearly any domain. That increases the chance the skill is triggered for ordinary requests where users did not explicitly consent to behavioral influence, enabling hidden persuasive steering or over-collection of sensitive contextual signals.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill's core mission is to "identify, understand, predict, and influence human behavior," but it provides no warning that outputs are designed to shape decisions. In this context, omission of an ethics and transparency notice makes the capability more dangerous because users may receive manipulative recommendations without informed awareness or constraints.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The examples explicitly include requests like writing copy that triggers sharing behavior, increasing referral rate, and building persuasive campaigns, while the outputs prescribe "decision nudges," emotional amplification, and interventions to steer behavior. Because there are no accompanying safety boundaries, the skill normalizes manipulative optimization and could be used to exploit fear, urgency, envy, or other psychological levers in harmful or deceptive ways.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This reference provides detailed persuasion frameworks, emotional sequencing, urgency/scarcity patterns, pain amplification, and objection-handling tactics without any ethical guardrails, disclosure requirements, or prohibitions on deceptive and manipulative use. In a skill explicitly designed to optimize conversion and behavior change, that omission materially increases the risk that users will generate copy that pressures, exploits vulnerabilities, or undermines informed decision-making.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal