socratic-business-model-canvas(苏格拉底追问式商业模式画布)

Security checks across malware telemetry and agentic risk

Overview

This is a prose-only Business Model Canvas coaching skill with broad activation wording but no hidden code, data access, persistence, or destructive behavior.

Before installing, be aware this skill may activate for broad business-strategy prompts, not only explicit Business Model Canvas requests. Use it with business details you are comfortable sharing in the chat, and verify whether the platform's crypto or purchase tags have any practical permission effect in your environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 89%
Finding
The README only says to trigger the skill in OpenClaw and follow the questions, but it does not define concrete activation phrases, scope limits, or deactivation boundaries. That ambiguity can cause accidental invocation or make the skill activate in unintended contexts, which is a genuine prompt-safety and usability risk even though the content itself is not overtly malicious.

Vague Triggers

Medium
Confidence: 94%
Finding
The manifest description includes an extremely broad 'Use when' trigger list spanning generic business, product, startup, strategy, and monetization phrases in two languages. This can cause the skill to activate in contexts well beyond a focused Business Model Canvas exercise, increasing the chance of unintended routing, irrelevant guidance, and prompt-scope collisions with other skills or system behavior.

VirusTotal

54/54 vendors flagged this skill as clean.
