Llm Service Manager 4cadc0

Security checks across malware telemetry and agentic risk

Overview

The skill appears mislabeled and may activate for the wrong task, showing unrelated Windows/Autodesk troubleshooting under an Obsidian/math note-taking identity.

Review this skill before installing. Ask the publisher to split or rename the skill so the manifest, triggers, and body describe one clear purpose, and avoid using it for system-service troubleshooting unless you intentionally want those instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

High
Confidence: 96%
Finding:
The skill presents itself as an Obsidian/math note-management guide, but the merged body shifts into Windows/Autodesk service-troubleshooting content. This kind of semantic mismatch can cause the wrong skill to activate, mislead reviewers and users, and hide unrelated or riskier behavior inside apparently harmless metadata.

Description-Behavior Mismatch

High
Confidence: 98%
Finding:
The manifest advertises Obsidian note-taking guidance, while most of the file documents Autodesk Genuine Service and Windows service issues. A full-file description/content mismatch undermines trust boundaries, makes security review unreliable, and can be used to smuggle unexpected instructions under innocuous labels.

Vague Triggers

Medium
Confidence: 84%
Finding:
The trigger condition includes broad help-seeking language for 'llm_service_manager相关帮助', which is not narrowly scoped to a specific task. Overbroad triggers increase the chance of accidental invocation in unrelated conversations, exposing users to irrelevant or unexpected instructions.

Vague Triggers

Medium
Confidence: 87%
Finding:
This trigger phrase again uses generic 'related help' language for a specific skill identifier, making activation possible in normal support conversations rather than only on deliberate invocation. In a file already suffering topic confusion, broad triggers amplify misrouting risk.

Vague Triggers

Medium
Confidence: 87%
Finding:
The skill can be activated by broad assistance-seeking text instead of a tightly scoped command. Because the document contains multiple merged identities, this ambiguity raises the likelihood that users get the wrong workflow or troubleshooting guidance.

Vague Triggers

Medium
Confidence: 87%
Finding:
The trigger overlaps with ordinary support phrasing, which can cause unintended activation. When combined with mislabeled content, unintended activation can surface unrelated system-service troubleshooting steps to users who asked for something else.

Vague Triggers

Medium
Confidence: 87%
Finding:
This repeated generic trigger pattern increases accidental matching and compounds the confusion created by duplicated, merged content blocks. Repetition across the file suggests poor skill hygiene and weak control over when the skill should run.

VirusTotal

64/64 vendors flagged this skill as clean.
