ClawHub
Back to skill

Security audit

AIGC佬猫原创IP漫剧专家

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese creative workflow skill with no code, credential use, or data-access behavior; the scanner concerns are mainly usability and activation-scope issues.

Install this if you want a Chinese-language, highly structured comic/IP creation workflow. Non-Chinese users may find the fixed prompts hard to follow, and users should invoke it deliberately because its trigger terms are broad.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The description contains many broad trigger phrases for general creative topics, which can cause the skill to activate for unrelated user requests. This increases the attack surface for prompt hijacking, unintentional routing, and user confusion because a highly prescriptive workflow may take over conversations that only loosely mention IP creation or comics.

Natural-Language Policy Violations

Medium
Confidence
87% confidence
Finding
The skill mandates Chinese-language interaction and fixed Chinese prompts without offering a language-selection step. This can mis-handle user intent, conceal important workflow constraints from non-Chinese users, and make consent/confirmation steps ineffective if the user cannot understand the forced interaction language.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The skill is written to operate entirely in Chinese and repeatedly mandates fixed interaction behavior without offering the user any language choice or fallback. This can override user preferences, reduce transparency, and create prompt-steering behavior where users may misunderstand outputs, warnings, or consent steps, especially in multilingual environments.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.