ClawHub

手机摄影 3e7019

Security checks across malware telemetry and agentic risk

Overview

This is not malware, but the photography skill is visibly mixed with unrelated auto-merged content and ambiguous triggers that could make it activate or answer incorrectly.

Install only if you are comfortable with a low-authority but poorly curated guide. It does not appear to run code or access private data, but the publisher should clean out unrelated merged sections, remove the "7019" trigger, and deduplicate the repeated blocks before this is treated as a reliable photography skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The merged documentation injects unrelated sources such as knife models, trains, and opaque hashes into a skill that is supposed to teach mobile photography. This content pollution can cause the agent to activate on irrelevant topics or produce nonsensical responses, degrading trust and opening the door to prompt/data poisoning through auto-merged sources.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The embedded sub-skill claims to be related to mobile photography but actually centers on vague '7019' tutorial material with unrelated triggers. This semantic mismatch can poison retrieval and routing, causing the assistant to invoke the wrong skill or surface irrelevant instructions when users ask for photography help.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger condition '用户需要手机摄影相关帮助' is broad enough to match many ordinary requests, increasing the chance of unintended invocation. In this file, that risk is amplified by the presence of contaminated and duplicated content, so accidental activation could route users into low-quality or unrelated guidance.

Vague Triggers

High
Confidence
95% confidence
Finding
The trigger phrase '7019' is extremely ambiguous and not meaningfully tied to mobile photography; it could refer to many unrelated topics. Because the skill already contains merged unrelated material, this trigger materially increases the likelihood of misrouting user requests and skill hijacking by accidental keyword collision.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The merged subsection includes a generic help-request trigger for a mislabeled sub-skill, which can cause activation on broad user asks unrelated to the actual embedded content. In combination with the topic drift in the document, this broad routing rule increases the risk of irrelevant or poisoned responses.

Vague Triggers

Medium
Confidence
84% confidence
Finding
This repeated subsection uses broad activation language without clear boundaries, so it may fire for loosely related requests. Repetition also increases the chance that retrieval or ranking systems overweight the noisy trigger, making unintended invocation more likely.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The duplicated section repeats an unspecific trigger pattern, compounding routing ambiguity rather than adding useful coverage. In a contaminated skill document, duplicated broad triggers magnify the operational impact of data-quality errors and increase false activations.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The final repeated broad trigger again permits activation on generic requests, extending the same misrouting risk throughout the file. Given the document's repeated merges and topic contamination, the context makes this more dangerous than a normal broad trigger because it can surface unrelated or malformed skill content.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal