ClawHub

AI灾害应急助手

Security checks across malware telemetry and agentic risk

Overview

This appears to be a Chinese emergency-preparedness guidance skill, with safety caveats to consider but no evidence of hidden access, persistence, data theft, or destructive behavior.

Install only if you can read Chinese comfortably and treat the content as general preparedness guidance, not a substitute for local emergency services, official alerts, certified first-aid training, or medical/rescue professionals.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill provides extensive emergency, disaster-response, and first-aid instructions, including CPR, AED, airway obstruction, bleeding control, fractures, burns, and disaster evacuation, but it does not prominently warn that the guidance may be incomplete, situation-dependent, or not a substitute for local emergency services and trained responders. In a life-threatening context, users may rely on simplified or generic instructions instead of immediately contacting emergency services, which can lead to delayed care, inappropriate actions, or physical harm.

Natural-Language Policy Violations

Medium
Confidence
83% confidence
Finding
The skill is presented entirely in Chinese without offering a language option or documenting that it is intentionally restricted to Chinese-speaking users. In emergency and first-aid scenarios, language mismatch can cause dangerous misunderstanding or make urgent instructions unusable for non-Chinese readers who encounter the skill.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal