ClawHub

Huanzhi Fa Skill Pro V2.8.0

Security checks across malware telemetry and agentic risk

Overview

The skill is a mostly coherent fundraising advisor, but it asks for sensitive memory and follow-up authority while using broad emotional triggers and making an unsupported ClawHub audit claim.

Review before installing. Only use this skill if you are comfortable storing fundraising profiles, BP/term-sheet content, and progress notes locally, and avoid sharing unredacted confidential documents. The publisher should remove the premature ClawHub audit claim, narrow triggers to explicit fundraising contexts, and require confirmation before saving data or scheduling follow-ups.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The page presents contradictory security claims: the main content says the skill was 'Audited by ClawHub' and 'Security scan passed', while the sidebar shows the audit as pending. This is dangerous because users may rely on a false assurance of safety and install or trust the skill under incorrect assumptions about its review status.

Vague Triggers

Medium
Confidence
80% confidence
Finding
Broad trigger phrases increase the chance of accidental invocation during ordinary conversation, causing the skill to activate on unrelated user input. In a skill that stores user profiles and tracks interaction history, unintended activation can lead to unnecessary processing or retention of sensitive business and emotional-state data.

Vague Triggers

Medium
Confidence
84% confidence
Finding
Keywords like `评分`, `条款`, and similar generic terms lack scope constraints and may match unrelated discussions. This can trigger analysis flows unexpectedly, increasing privacy risk and user confusion, especially when the skill may read files, persist profiles, or generate authoritative-sounding financial guidance without clear user intent.

Vague Triggers

Medium
Confidence
90% confidence
Finding
Emotional-state triggers such as `焦虑`, `放弃`, or `睡不着` are especially risky because they are common phrases in general conversation and may pull users into a specialized financial-advice workflow unintentionally. In this context, accidental invocation could mishandle sensitive mental-health-adjacent disclosures and create inappropriate retention or follow-up behavior like the documented 3-day tracking/follow-up.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list uses very broad everyday words such as '不知道', '怎么办', '急', and '压力', which are common in normal conversation and can match many unrelated user messages. In a skill centered on fundraising anxiety and negotiation coaching, this can cause unintended activation of emotional intervention or persuasive templates, leading to misclassification of user intent and inappropriate guidance at sensitive moments.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The routing table uses broad trigger phrases such as common conversational terms that can easily appear in unrelated user messages, which can cause the assistant to select the wrong module and follow the wrong behavioral path. In a financing advisory skill, this can lead to irrelevant guidance, missed safety disclaimers, or inappropriate collection of profile data during normal conversation.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The description explicitly advertises broad trigger terms like “融资/条款/焦虑”, which can cause the skill to activate on generic finance or emotional-distress conversations outside the user’s clear intent. In this skill’s context, unintended invocation is more concerning because it has memory, scheduled tasks, knowledge-base access, and file-write capability, so accidental activation could lead to collection, retention, or action on sensitive fundraising data.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal