Intent Classifier (意图分类器)

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only intent-routing skill whose main risk is inaccurate or over-eager routing, not hidden code execution or data access.

Install this only if you want a lightweight routing aid. Treat its classifications as suggestions, and require explicit confirmation before allowing any routed downstream skill to run commands, edit or delete files, search private memory, or perform multi-step automation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

High
Confidence: 96%
Finding
The activation phrases "识别意图 / 分类任务 / 智能路由" ("identify intent" / "classify task" / "smart routing") are broad, generic terms that can easily appear in normal user conversation or adjacent system flows. In a routing skill, broad activation increases the chance of accidental invocation and unintended interception of requests, which can misroute tasks to other skills or alter the agent's control flow.

Vague Triggers

High
Confidence: 95%
Finding
The task keywords include extremely common terms like "请" ("please") and "做" ("do"), which appear in ordinary requests and provide almost no security boundary for determining whether a task should be classified as executable or routed for action. In an intent router, this can cause over-classification into TASK, leading downstream components to perform file, command, or multi-step operations based on ambiguous text.

Vague Triggers

High
Confidence: 97%
Finding
The regex patterns such as '^帮我.*' ("help me ...") and '^写一个.*' ("write a ...") are overly broad and will match many benign conversational openings, making the router vulnerable to accidental or adversarial prompt capture. Because these matches directly feed routing decisions, a user can trigger sensitive code/task paths with minimal phrasing, increasing the risk of unsafe delegation or unintended skill chaining.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal