ClawHub
Back to skill

Security audit

Ai Biomineralization

Security checks across malware telemetry and agentic risk

Overview

This is a content-only Chinese educational skill about biomineralization and does not request file, network, credential, command, or persistence access.

Safe to install as an educational reference skill. Treat its biomedical and dental content as general learning material, not professional medical advice, and specify your preferred language if you do not want Chinese responses.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger text is extremely broad: any general question about pearls, bones, or related topics would activate the skill. Overbroad routing can cause this skill to intercept ordinary user requests unexpectedly, reducing user control and increasing the chance of irrelevant or policy-misaligned responses. The content is educational rather than overtly harmful, so the danger is limited mainly to unintended invocation and poor skill isolation.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The description is written to imply Chinese-language interaction by default, without stating that output language should follow the user's preference. This can override user expectations and create a poor or inaccessible experience for users who did not request Chinese, especially in multilingual environments. It is not a direct security exploit, but it is a legitimate policy and usability issue.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.