Smart Standup Generator

Security checks across malware telemetry and agentic risk

Overview

This standup-report skill is mostly purpose-aligned, but it asks for broad workplace-data access and can automatically post reports to team channels without clearly documented confirmation or scoping controls.

Review the configured data sources, repositories, chat scopes, calendar access, and destination channels before installing. Use least-privilege tokens, avoid broad workspace-wide access, and require a manual review step before reports are posted to Slack, Teams, Feishu, DingTalk, or email.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium, 88% confidence
Finding
The example invocations are broad natural-language requests such as generating today's standup or analyzing team trends, which can overlap with ordinary user prompts and cause the skill to activate unexpectedly. Because the skill aggregates data from Git, Jira, chat, and calendar sources and may push results to external channels, accidental triggering could expose internal work summaries or perform unintended actions.

Natural-Language Policy Violations

Medium, 82% confidence
Finding
One example explicitly directs output in Chinese without indicating that language selection is user-controlled, which suggests the skill may force a language choice independent of user preference. This is primarily a safety and UX issue, but in a workplace reporting context it can cause miscommunication, reduce operator awareness, or lead users to share content they do not fully verify before posting.

VirusTotal

64/64 vendors flagged this skill as clean.
