CSP Courseware Creation Skill (CSP课件制作技能)

Security checks across malware telemetry and agentic risk

Overview

This skill generates C++ teaching materials, and its file, PDF, and dependency behavior mostly matches that purpose; users should still choose a clean output folder and fix the hardcoded template paths before running it.

Install only in a dedicated workspace. Before running the Node scripts, replace the hardcoded C:/Users/ning/... output paths with the folder you actually intend to write to, review any Move-Item command so it only moves files the scripts generated, and remove the Google Fonts import if the HTML output must work offline or must not contact third parties.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Description-Behavior Mismatch

Severity: Medium
Confidence: 97%
Finding
The script writes output to a hardcoded absolute Windows path in a developer-specific directory. This can cause unauthorized or unexpected filesystem writes on the host running the skill, break portability, and overwrite files in an environment the user did not approve; in an agent skill context, implicit local writes are more concerning because execution may happen on shared or production hosts.

Context-Inappropriate Capability

Severity: Low
Confidence: 94%
Finding
Hardcoded access to a personal working directory grants the skill unnecessary filesystem context beyond what is required to generate a presentation. Even without overtly malicious logic, unnecessary path assumptions increase the blast radius of execution errors and can expose host-specific structure or create files in sensitive locations.

Context-Inappropriate Capability

Severity: Low
Confidence: 93%
Finding
The template loads Google Fonts from an external domain, which creates an unnecessary outbound network dependency for a locally generated teaching game. Even though this is not code execution, it can leak user metadata such as IP address, user agent, and access timing to a third party, and it also weakens offline/privacy-preserving use of the skill.

Vague Triggers

Severity: Medium
Confidence: 77%
Finding
The trigger words include very broad everyday phrases such as '做课件' (make courseware) and '做教案' (make a lesson plan), which can cause accidental invocation in unrelated contexts. Mis-triggering matters here because the skill then recommends dependency installation, file generation, directory manipulation, and PDF processing, expanding its operational footprint without clear user intent.

Vague Triggers

Severity: Medium
Confidence: 80%
Finding
The scenario description claims applicability to nearly any C++ or competitive-programming teaching request, without firm boundaries or disallowed cases. In a skill that can read PDFs and write structured outputs, such ambiguity increases the chance of overbroad delegation, unintended processing of user files, and execution of risky workflow steps when a simpler answer would suffice.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The code performs a filesystem write to a fixed local path without any user-facing notice, consent, or runtime choice of destination. In an agent skill, silent local writes are risky because users may not expect host-side persistence, and the behavior can overwrite artifacts or leave files in locations outside the intended workspace.

VirusTotal

67/67 vendors flagged this skill as clean.
