Using Superpowers

Security checks across malware telemetry and agentic risk

Overview

This skill does not run code or access data, but it broadly tries to control the agent’s behavior at the start of every conversation.

Install only if you intentionally want an aggressive global workflow rule that pushes the agent to check and invoke skills before answering, exploring, or asking clarifying questions. It appears instruction-only, but users should be comfortable with the extra behavioral control and possible downstream skill-loading effects.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

High
Confidence: 98%
Finding
The activation description explicitly says to use this skill when starting any conversation, which makes it effectively universal and able to intercept nearly all interactions. In an agent system, a process skill with near-global activation can override normal task scoping, force unnecessary tool use, and create a denial-of-service effect on agent behavior by inserting itself before every response.

Vague Triggers

High
Confidence: 99%
Finding
The 'even a 1% chance' threshold is so vague and expansive that it effectively guarantees invocation on almost any prompt, including cases where no skill is reasonably relevant. That creates a coercive routing rule that can be abused to force extra tool calls, prevent direct answering, and amplify the influence of downstream skill content before basic user interaction occurs.

Vague Triggers

Medium
Confidence: 95%
Finding
The mandatory invocation rule states that if a skill applies, the agent has no choice and must use it, but it does not define meaningful scope limits or exceptions. In context, this is dangerous because the same file also defines applicability extremely broadly, so the combination can suppress agent discretion, block proportionate handling of simple requests, and increase the chance of recursive or unnecessary skill chaining.

VirusTotal

64/64 vendors flagged this skill as clean.
