ClawHub

Transformer Optimize E72719

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable learning note that mixes two topics and has broad triggers, but it does not ask for dangerous access or hidden actions.

Install only if you are comfortable with a loosely scoped learning note. It should be cleaned up by separating the MATLAB Transformer forecasting material from the DSPy/Andrew Ng material and narrowing the triggers, but it does not show malware-like behavior, credential handling, persistence, or destructive actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The merged section introduces a second, contradictory skill centered on DSPy/Andrew Ng content that is unrelated to the declared MATLAB Transformer forecasting purpose. This creates scope confusion and can cause the agent to activate or respond using the wrong instructions or knowledge domain, which is a real integrity problem for skill routing and user expectations.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The documented behavior is inconsistent with the listed sources and merged material, which are largely unrelated to MATLAB-based Transformer time-series forecasting. In an agent system, this mismatch can lead to incorrect tool selection, misleading outputs, and unintended invocation of a skill outside its stated domain.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrase '用户需要transformer-optimize相关帮助' is too broad and lacks clear semantic boundaries. Overbroad activation criteria increase the chance of accidental invocation, causing the agent to apply this skill in unrelated contexts and potentially override more appropriate instructions or tools.

Vague Triggers

Medium
Confidence
95% confidence
Finding
Using '吴恩达' alone as a trigger is extremely generic and likely to collide with ordinary conversation about Andrew Ng, AI courses, or machine learning broadly. This can cause frequent false activations and route unrelated user requests into the wrong skill context.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The merged section's trigger for any request related to 'transformer-optimize-e72719' is open-ended and undefined. In combination with the already inconsistent merged content, this broad trigger increases the likelihood of unintended skill activation and incorrect responses.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal