Jarvis Bug Triage 01

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a markdown-only bug triage workflow with no executable behavior or hidden access requests.

Install only if you want a general bug-triage planning aid. Be aware that its wording may make it activate for broader development planning tasks, but the reviewed evidence does not show hidden execution, data access, or persistence.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 93%
Finding
The description says the skill should be used for 'development work' broadly, which can cause it to activate outside its stated niche of production bug triage. Over-broad activation increases the chance of inappropriate skill selection, workflow confusion, and unintended instruction precedence in unrelated tasks.

Vague Triggers

Medium
Confidence: 90%
Finding
The main instruction, 'Deliver a concrete, reusable workflow for development tasks,' is generic enough to fit many planning or execution skills, not just bug triage. This ambiguity can lead to the skill being invoked in the wrong context, diluting specialization and potentially causing incorrect operational guidance.

Vague Triggers

Low
Confidence: 82%
Finding
The example prompt about turning 'messy notes into a production-ready plan' is a broad planning trigger that does not uniquely indicate bug triage. Such examples can cause accidental activation for general planning tasks, reducing routing precision and increasing overlap with unrelated skills.

Vague Triggers

Low
Confidence: 84%
Finding
The phrase 'risk-first action sequence with acceptance checks' is generic workflow language and could match many operational or planning scenarios beyond bug triage. In a skill-routing system, ambiguous examples can broaden invocation conditions and produce misapplication of the skill.

VirusTotal

64/64 vendors flagged this skill as clean.
