Ai安全 B9b1fb

Security checks across malware telemetry and agentic risk

Overview

The skill appears to mix an AI security learning purpose with unrelated subscription endpoint and token-like content, so it should be reviewed before installation.

Do not install this version unless the publisher explains and removes the unrelated subscription endpoint, token-like strings, and duplicated broad triggers. VirusTotal was clean, but that does not resolve the content-level mismatch.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (8)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding
The skill is presented as an AI security learning guide, but the embedded content abruptly shifts to subscription URLs, token-like strings, hashes, and unrelated media references. This mismatch indicates the skill content has been contaminated or repurposed, which can mislead users or downstream agents into handling unrelated and potentially sensitive artifacts under a trusted security-themed label.

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding
Later merged sections fully redefine the skill as a raw subscribe endpoint with repeated token-bearing content instead of an AI security guide, suggesting either prompt/content poisoning or deliberate repackaging of a subscription artifact as a trusted skill. In skill ecosystems, this creates a high risk of unintended network access, propagation of unvetted endpoints, and abuse of user trust through deceptive context.

Context-Inappropriate Capability

Severity: High
Confidence: 97%
Finding
The file exposes a concrete client subscription endpoint and token-like access parameter that are not justified by the declared purpose of teaching AI security concepts. Even without execution, embedding such artifacts in a broadly triggered skill can facilitate credential leakage, unauthorized subscription reuse, or social engineering by presenting a suspicious endpoint as legitimate instructional material.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The trigger scenarios are broad phrases like 'AI安全' and '大白哥AI与安全', which can cause this skill to activate in many unrelated conversations. Because the skill content is already inconsistent and contains suspicious artifacts, overbroad invocation materially increases the chance that users or agents are exposed to poisoned or irrelevant content.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding
The manifest trigger string includes generic terms related to AI security and vulnerability finding, making accidental invocation likely. In the context of a skill containing endpoint and token-like data, this broad activation surface increases the operational risk beyond a mere quality issue.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding
The repeated trigger phrases include 'xn', which is extremely vague and likely to collide with unrelated text. In a skill that has been redefined around a suspicious punycode-like domain and subscribe endpoint, such underspecified triggers look like an attempt to maximize invocation opportunities for untrusted content.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
This additional repeated trigger block remains broad and ambiguous, extending the number of ways the malformed skill can activate. Repetition of low-specificity triggers across merged sections compounds the risk of unintended invocation and suggests weak governance over imported content.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The final repeated merged trigger block again contains underspecified activation phrases, preserving an unnecessarily large attack surface. Given the surrounding deceptive content drift and exposed endpoint/token material, these triggers make the skill more dangerous by increasing the likelihood of accidental or opportunistic use.

VirusTotal

64/64 vendors flagged this skill as clean.