Ai Chat Enhancer

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed chat-assistance prompt/history/template helper, with no executable files and no evidence of malicious behavior.

This appears safe to install as a markdown skill, but users should be aware that its trigger wording is broad. If using it in an environment that stores real chat history or cached model responses, avoid sensitive data unless storage location, retention, and clearing behavior are clear.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

High
Confidence: 94%
Finding:
The trigger phrase includes the standalone common word "Chat", which is likely to appear in many unrelated user requests. In an agent skill system, this can cause accidental activation, unintended context injection, or execution of skill behavior outside its intended scope, especially because the skill also manages chat history and templates.

Vague Triggers

Medium
Confidence: 88%
Finding:
The trigger condition "用户需要ai-chat-enhancer-0f5a92-ee0c4d-0ab048相关帮助" is ambiguous because it does not define how the system should reliably determine that intent or what counts as related help. Ambiguous activation criteria can lead to over-triggering, where the skill activates on loosely related requests and influences agent behavior unexpectedly.

Vague Triggers

Medium
Confidence: 87%
Finding:
This trigger condition also relies on a vague semantic test for whether the user 'needs' help related to the skill, without explicit boundaries. In a multi-skill environment, such ambiguity increases the chance of misrouting user requests and exposing unrelated conversations to this skill's prompt templates, history handling, or cached behavior.

VirusTotal

64/64 vendors flagged this skill as clean.
