ClawHub

Trade Show Competitor Radar

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only trade-show note helper, but users should avoid entering confidential material or unnecessary personal data.

Safe to install as a text-only helper. Before using it, redact confidential competitor materials, avoid naming people unless you already have a lawful business reason to process their details, follow event rules and company policy, and review any action note before sharing it broadly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README explicitly encourages users to input overheard conversations and brochure text, but provides no warning about confidentiality, privacy, trade-secret sensitivity, or local recording/collection restrictions. In a competitive-intelligence context, this omission can lead users to submit sensitive third-party information into an AI workflow without consent or handling guidance, increasing the risk of privacy violations, policy breaches, or improper retention of sensitive data.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly directs users to flag identifiable people seen engaging at a competitor’s booth for later outreach, but provides no privacy, consent, jurisdictional, or data-minimization guardrails. That can encourage collection and internal sharing of personal data derived from in-person observation without a lawful basis, creating privacy, compliance, and ethical risk, especially at trade shows where attendee identities may be sensitive business information.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal