ClawHub

Minimalist Entrepreneur

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only business advice skill pack with broad but disclosed routing and no evidence of code execution, credential access, persistence, or hidden behavior.

Safe to install from a security standpoint. Treat the advice as opinionated business coaching, and review recommendations about cold outreach, public sharing, pricing, hiring, or finances for legality, privacy, and fit before acting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill advertises automatic activation from very generic business-related prompts like finding an idea, pricing, or reviewing a hiring decision, without clear scope boundaries or disambiguation. That can cause unintended invocation during ordinary conversation, steering users into this skill's framework when they did not explicitly request it and potentially overriding more appropriate specialized guidance.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The description includes broad activation cues like 'looking for a business idea' and 'wondering where to start as an entrepreneur,' which are common, everyday intents that can overlap with many unrelated conversations. This can cause the skill to trigger unintentionally, leading to irrelevant guidance, user confusion, or hijacking of more appropriate skills, though it does not directly introduce code execution or data exfiltration risk.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill's activation text is broad enough to match many generic business-advice requests, which can cause the agent to invoke this skill in contexts where it is not the best or safest fit. Over-broad routing increases the chance of irrelevant or lower-quality guidance being injected into unrelated conversations, reducing reliability and potentially crowding out more appropriate skills.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal