ClawHub

Copywriting Generator

Security checks across malware telemetry and agentic risk

Overview

This is a simple Chinese marketing copywriting helper that runs locally with Node and does not request account access, credentials, network access, persistence, or destructive permissions.

Safe to install based on the provided artifacts. Use it as a local copywriting/template helper, and review generated marketing claims, discounts, testimonials, and product-effect statements for accuracy and advertising compliance before publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The invocation examples are generic natural-language requests such as '帮我写...' and '帮我优化...' without any explicit trigger boundaries, namespacing, or invocation syntax. In agent environments, overly broad phrases can cause accidental skill activation during normal conversation, leading to unintended execution paths, prompt hijacking opportunities, or surprising behavior when users are merely discussing copywriting rather than intentionally invoking the skill.

Natural-Language Policy Violations

Medium
Confidence
76% confidence
Finding
The skill metadata, description, and all usage examples assume Chinese-language operation with no stated locale negotiation or user opt-in. This can create unsafe or misleading behavior in multilingual deployments by overriding user language expectations, causing misinterpretation of requests, incorrect outputs, or reduced transparency about what the skill will do.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal