ClawHub

Deeptutor F75dc7

Security checks across malware telemetry and agentic risk

Overview

This is a small Chinese-language reference skill about deeptutor comparison content, with no executable code or hidden system access.

Install this if you want a Chinese-language deeptutor reference skill based on the cited video material. Be aware it may trigger on broad deeptutor-related requests, so users who do not want Chinese-language responses for that topic may prefer a more narrowly triggered version.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger activates on the single generic term "deeptutor", which is broad enough to match many ordinary user messages and cause unintended skill invocation. Over-broad activation increases the chance that unrelated conversations are steered by this skill's instructions or content without clear user intent.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The activation rule "用户需要deeptutor相关帮助" is ambiguous and subjective, leaving broad discretion for the system to invoke the skill whenever a message is loosely related. This can lead to unintended triggering, context confusion, and inappropriate skill execution in conversations where the user did not explicitly request it.

Natural-Language Policy Violations

Medium
Confidence
80% confidence
Finding
The skill content and triggers are entirely in Chinese, but there is no indication that activation is limited to Chinese-speaking users or that locale/language preference is checked first. This can cause accidental invocation for users who do not understand the skill output, creating confusion and reducing user control, though the security impact is limited compared with direct code execution or data exposure.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal