华目眼镜

Security checks across malware telemetry and agentic risk

Overview

This is a coherent brand knowledge-base skill for 华目眼镜 with disclosed reference lookups, optional labeled web search, and a QR image helper, without evidence of hidden access, persistence, credential use, or destructive behavior.

Reasonable to install if you want 华目眼镜 reference answers. Verify prices, store details, business terms, contact numbers, and QR codes before relying on them for purchases or cooperation, and treat any web-search-based eyewear advice as general information rather than official brand guidance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 78%
Finding
The skill expands from a closed brand knowledge base into open-ended web search for general eyewear advice, which changes its trust boundary and can expose users to unvetted external content. In a brand-specific skill, this increases the chance of misinformation, prompt-scope bypass, and retrieval of malicious or irrelevant content from the internet under the apparent authority of the skill.

Context-Inappropriate Capability

Medium
Confidence: 81%
Finding
Granting internet search capability to a brand-specific knowledge-base skill is unnecessary for its stated function and broadens the attack surface without clear justification. This can cause data provenance confusion and make users trust external content as if it were authoritative brand information.

Natural-Language Policy Violations

Medium
Confidence: 89%
Finding
The comment explicitly says the script may be 'sent to an AI to execute', encouraging delegated execution of code embedded in a skill artifact. In an agent ecosystem, this normalizes unsafe behavior and can prime users or downstream tools to execute packaged code without proper review, which increases social-engineering and prompt-injection risk even if this specific script is harmless.

VirusTotal

66/66 vendors flagged this skill as clean.
