ClawHub

Skill2

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-generation skill with no executable code, credentials, network access, or persistence, though its triggers and Chinese-only instructions may affect usability.

Install this if you want a Chinese-language helper for generating Markdown technical documentation. Review the generated documentation before using it, especially for code or API details, and be aware that broad trigger phrases may route general documentation requests to this skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrases are broad enough to match ordinary requests like 'generate documentation' or 'document this code', which can cause the skill to activate in situations where the user may have intended general assistance rather than this specific workflow. Over-broad activation increases the chance of unintended scope capture, poor routing, and accidental processing of sensitive code or API definitions without clear user intent.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The skill is written entirely in Chinese without offering a language choice or documenting a locale restriction, which can cause users or downstream agents to misunderstand instructions, activation conditions, or output expectations. In security terms this is primarily a reliability and governance issue: ambiguity from language mismatch can lead to incorrect use, missed safeguards, or accidental invocation outside the intended audience.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal