Deeptechnic — Technical Due Diligence Framework

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a due-diligence workflow, but it also treats storing user feedback and diligence content in training datasets as a normal step, and it includes a training script that uses credentials; both need careful review before use.

Install only if you are comfortable with the skill recording project feedback and potentially adding it to a training dataset. Do not use it with confidential startup materials unless you first remove or disable feedback-to-training steps, review the SkillOpt script, and control any API keys and external model calls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (16)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill advertises itself as a documentation-style due diligence framework, yet the analyzer detected capabilities associated with reading environment variables and writing files without any declared permissions or user-facing disclosure. Hidden capability expansion is dangerous because it can enable unauthorized access to credentials or local artifact creation while bypassing expected policy review for the skill.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
This is a strong description-behavior mismatch: the skill claims to provide deep-tech due diligence guidance, but the detected behavior includes running training/evaluation loops, accessing model/API credentials from the environment, calling external LLM endpoints, and writing local artifacts. That mismatch materially increases risk because a user invoking a benign analysis skill would not reasonably expect credential use, external data transfer, or filesystem side effects.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill expands from post-report feedback collection into writing records into a cross-project training dataset, which is a materially different function than due-diligence support. That creates data governance and scope-creep risk because user/project feedback may be repurposed for model training without clear separation, approval, or minimization.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
Dataset curation and retraining-trigger logic are unrelated to the declared due-diligence task and introduce hidden operational behavior. A skill that silently influences future model training can propagate bad labels, leak sensitive business context, and create hard-to-audit downstream effects.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
Cross-project aggregation and threshold checks for retraining are outside the stated purpose and encourage reuse of project-specific feedback at portfolio scale. This increases the blast radius of errors or sensitive-data inclusion because one project's conversational content can affect broader datasets and models.

Intent-Code Divergence

High
Confidence
96% confidence
Finding
The skill tells the agent to infer satisfaction from silence or absence of feedback while also claiming data must not be fabricated or inferred. This contradiction will generate unreliable labels and poisoned training data, which is especially risky because the outputs are later persisted and reused for model optimization.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The instruction to capture user feedback and structure it as training data creates a privacy and consent risk because due diligence workflows often contain confidential business, technical, and possibly personal information. Collecting and repurposing that material for training without notice, minimization, or consent can lead to unauthorized retention and secondary use of sensitive data.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The verification checklist normalizes appending interaction data to a dataset as part of completion criteria, which encourages routine retention of potentially sensitive user-provided content. In the context of investment due diligence, that content may include confidential startup data, making silent dataset accumulation especially risky.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The alias trigger "claim验证" ("claim verification") is broad enough to match many ordinary requests for generic claim checking, which can cause this specialized deep-tech due-diligence skill to activate outside its intended scope. That increases the chance of inappropriate routing, unnecessary independent-analysis behavior, or user confusion when a simpler fact-checking or general evaluation workflow was intended.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The invocation examples like "分析一下这个技术指标是否可行" ("analyze whether this technical metric is feasible") and "帮看看这个参数是否合理" ("help check whether this parameter is reasonable") are generic and can attract requests far outside startup hard-tech due diligence. Ambiguous examples increase misrouting risk by teaching the agent to apply this skill to loosely related technical questions without confirming the required context or boundaries.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill directs retention and reuse of user feedback for training purposes without any user-facing notice, consent flow, or retention policy. In a due-diligence context, feedback can contain sensitive commercial, technical, or personal information, so undisclosed reuse creates privacy and compliance risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
Writing a persistent feedback record file in the project folder can store quoted user conversation content that may include sensitive diligence details. Without minimization, classification, or access controls, this creates avoidable exposure in shared repositories or workspaces.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Appending user feedback into a shared items.json training dataset risks privacy leakage, dataset contamination, and irreversible downstream propagation into future model behavior. Because the skill does not require sanitization or review, a single bad or sensitive entry can affect both data quality and confidentiality at scale.

Natural-Language Policy Violations

Medium
Confidence
94% confidence
Finding
The skill is written entirely in Chinese without offering a language fallback or documenting that it is intentionally restricted to Chinese-speaking operators. In a due-diligence workflow, this can cause users or downstream agents to misunderstand process steps, omit required verification actions, or apply the skill inconsistently, leading to flawed analysis and governance gaps.

Ssd 3

Medium
Confidence
96% confidence
Finding
This instruction semantically encourages retaining and possibly leaking user feedback by turning it into training data after delivery. Because the skill domain involves sensitive investment and technical diligence materials, even benign operationalization of this instruction could expose proprietary or identifying information beyond the original task scope.

Ssd 3

Medium
Confidence
96% confidence
Finding
Embedding dataset-appending into the checklist operationalizes a data retention pattern that can cause users' confidential diligence inputs to be persistently stored and reused. The danger is elevated here because hard-tech due diligence commonly includes non-public technical claims, supplier details, and team information that should not flow into general datasets.

VirusTotal

42/42 vendors flagged this skill as clean.