ClawHub

520

Security checks across malware telemetry and agentic risk

Overview

This is a text-only informational skill about the number 520, with no code execution, credential use, persistence, or data access.

This appears safe to install as a lightweight reference skill. Be aware it may activate for broad 520-related prompts, and independently verify factual or cultural claims before relying on them for money, gifts, travel, or formal decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill declares that it activates whenever a user 'mentions or implies topics related to the number 520,' which is an overly broad natural-language trigger. Broad activation can cause unintended interception of loosely related conversations, increasing the chance of irrelevant prompt injection, context hijacking, or incorrect routing to this skill when the user did not actually request it.

Vague Triggers

Low
Confidence
84% confidence
Finding
The trigger list includes broad references to 'related codes like 5201314, 521, 1314' without defining boundaries for when those numbers are actually in scope. Because numeric strings commonly appear in unrelated contexts, this can lead to accidental activation and response contamination, though the subject matter here is informational rather than inherently high-risk.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill declares activation when a user 'mentions or implies' topics related to 520, which creates an imprecise trigger boundary. In prompt-routing systems, vague activation criteria can cause the skill to fire on loosely related content, leading to incorrect routing, response hijacking over more relevant skills, or accidental disclosure of irrelevant instructions/context.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The activation list uses broad language like 'implies' and includes wide topical categories such as mathematics, science, or technology involving 520. This can over-match ordinary queries containing the number or adjacent concepts, causing unintended invocation and reducing routing integrity, though it does not by itself introduce code execution or direct data-exfiltration behavior.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal