ClawHub

Ai Tai Chi

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Tai Chi guidance skill with no executable code, but users should treat its health guidance and optional video review carefully.

Before installing, understand that this is general Tai Chi guidance, not medical advice. Avoid relying on it for injuries, chronic conditions, pain, dizziness, osteoporosis, cardiovascular issues, or rehabilitation without a qualified clinician. If you upload practice videos, crop or anonymize them where possible and avoid exposing other people, minors, private spaces, documents, or location clues.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill gives health and quasi-rehabilitation guidance, including claims about falls, blood pressure, chronic pain, and exercise frequency, without any disclaimer that it is not medical advice or instruction to consult a clinician for pain, chronic disease, or mobility limitations. In a fitness/wellness context, users may rely on the advice for self-treatment or continue unsafe practice despite symptoms, which can worsen injuries or delay appropriate care.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill explicitly encourages users to upload practice videos but provides no notice about what personal data may be contained in videos, how that data should be minimized, or that users should avoid sharing sensitive or identifiable information. Videos can expose faces, homes, other people, health status, and location clues, creating unnecessary privacy risk if users are not warned before sharing.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal