Oathe Security Badge

Is AGIstack/pitch-pro safe?

https://clawhub.ai/AGIstack/pitch-pro

92
SAFE

The pitch-pro skill appears to be a legitimate business tool for developing investor and sales pitches. It explicitly commits to local-only data storage and includes appropriate privacy safeguards. The Python scripts perform standard data processing operations without suspicious behavior.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (3)

LOW Executable Python Scripts Present -15

The skill contains multiple Python scripts that could be executed by the agent. While they appear to perform legitimate data processing functions, they represent potential code execution vectors.

INFO Sensitive Business Data Processing -15

This skill processes confidential business information including pitch materials, company strategies, and financial data. While it claims local-only storage, users should ensure proper data handling.

INFO Complex Instruction Set -5

The skill contains extensive instructions and workflow definitions that could obscure malicious directives, though none were detected.