ClawHub

2

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only educational skill about the number 2, with no code, credentials, system access, or persistence requested.

Safe to install as a lightweight informational skill. Be aware it may activate more often than expected on broad topics like duality, pairs, binary, or balance, so users who want precise routing may prefer narrower activation wording.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill is designed to activate on a wide range of loosely related topics, including computing, science, philosophy, language, and culture, many of which are common in ordinary conversation. This can cause unintended invocation, leading the agent to insert irrelevant prompt content or override more appropriate skills, which increases the risk of response degradation and prompt-surface expansion.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The listed triggers include ambiguous concepts such as duality, pairs, balance, scientific contexts, computing, and idioms, which are not specific enough to the number 2. In a prompt-based skill system, such ambiguity can cause accidental routing on unrelated user requests, reducing reliability and potentially exposing unnecessary skill instructions in contexts where they do not belong.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The activation logic is overly broad because it triggers on generic concepts like binary, duality, pairs, philosophy, religion, music, and science references, many of which commonly appear in unrelated conversations. This can cause frequent unintended activation, leading the skill to override user intent, inject irrelevant content, or crowd out more appropriate skills; while not directly code-execution dangerous, it is a real prompt-routing and scope-control weakness.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal