ClawHub

Data Analyzer From Bilibili

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable data-analysis skill with irrelevant Bilibili notes, but no evidence of hidden commands, data theft, persistence, or destructive behavior.

Install only if you are comfortable with a low-risk but noisy data-analysis helper. The skill should ideally be cleaned up to remove unrelated Bilibili history and narrow its activation language, but the reviewed artifact does not show hidden execution, credential access, persistence, or destructive behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill file claims to implement data analysis, but most of the body is unrelated accumulated Bilibili learning history, including miscellaneous media, gaming, and opaque identifiers. This creates skill-definition drift and untrusted context pollution: an agent selecting this skill may ingest irrelevant or attacker-influenced content instead of reliable task instructions, increasing the chance of incorrect behavior, prompt contamination, or unintended retrieval of unrelated external material.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The documentation states the skill was crystallized from successful data-analysis execution, but the embedded examples do not substantiate that claim and are largely unrelated. This false provenance can cause downstream systems or users to over-trust the skill, leading to inappropriate invocation and reduced scrutiny of contaminated content.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger phrases are broad generic requests such as analyzing data, trends, tables, or uploaded files, which can cause the skill to activate in many normal conversations. In the presence of misaligned or polluted skill content, over-broad activation increases the chance that unrelated or unsafe instructions are injected into user workflows.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal