ClawHub

Add Chinese Guides to Paper Sections

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only skill for making Chinese guided-reading notes from user-provided academic papers, with no hidden scripts, credential use, persistence, or destructive behavior found.

Install this if you want an agent to turn academic papers you provide into Chinese guided-reading documents. Be aware that the skill is designed to produce Chinese output by default and can be implicitly selected by an orchestrator, so use it with agents that respect the documented trigger: requests for a Chinese paper guide or reading scaffold.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill enables implicit invocation without any visible trigger constraints, so an orchestrator could automatically select it in contexts where the user did not explicitly ask for a Chinese guided-reading workflow. That can cause unintended processing of user-provided papers or text and surprising output transformations, increasing the risk of unauthorized data handling or user-intent mismatch.

Natural-Language Policy Violations

Medium
Confidence
86% confidence
Finding
The skill is defined to produce Chinese output by default without indicating that this is optional or user-selected. If auto-invoked or used in mixed-language contexts, it may override user expectations, create incorrect disclosures to downstream recipients, or mishandle sensitive academic content by transforming it into a language the user did not request.

VirusTotal

45/45 vendors flagged this skill as clean.

View on VirusTotal