ClawHub

Solve Problem

Security checks across malware telemetry and agentic risk

Overview

This skill is a lightweight problem-solving helper, with no executable payload, but its trigger language is broad and may activate more often than users expect.

Before installing, users should understand that common problem-solving phrases may trigger this skill. Install it if that broad activation is acceptable, and consider narrowing the trigger if you only want deliberate, command-style use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger phrase "solve problem" is highly generic and can match many ordinary user requests, making accidental or over-broad activation likely. In this skill, the risk is increased because the description and linked implementation imply autonomous knowledge search/research behavior, so unintended invocation could cause unnecessary external lookup, misleading workflow routing, or unexpected downstream actions.

Vague Triggers

Medium
Confidence
97% confidence
Finding
The expanded trigger scenarios include very common phrases such as "怎么办", "如何解决", "遇到问题", and "故障处理", which substantially widen the activation surface beyond a deliberate command. Because this skill is framed as searching knowledge bases and reporting to other components, the broad matching raises the chance of unintended execution, noisy automation, and potentially unsafe chaining into other agent capabilities.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal