Huanzhi Fa Skill Pro V2.8.0

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-built for fundraising advice and shows no malware or exfiltration, but it asks to persist sensitive founder materials and schedule follow-ups while using broad triggers and inconsistent security-audit claims.

Install only if you are comfortable with a Chinese-first fundraising advisor storing founder profile data, uploaded BP materials, diagnosis history, and term-sheet context locally under data/users/. Before using it with confidential documents, confirm how stored files can be deleted and whether reminders can be disabled, and do not rely on the artifact's 'Audited by ClawHub' claim until the marketplace audit status is consistent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • System Prompt Leakage: Direct Leakage, Indirect Extraction, Tool-Based Exfiltration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Intent-Code Divergence

Severity: Medium
Confidence: 97%
Finding
The page presents contradictory security assurances: the content says the skill was 'Audited by ClawHub' and 'Security scan passed ✓' while the sidebar shows the security audit is still pending. Conflicting trust signals can mislead users into installing or trusting a skill under false security assumptions, which is especially concerning for a skill that claims local handling of user business documents.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding
Broad trigger terms can cause the skill to activate in unrelated conversations, increasing the chance that sensitive fundraising, legal, or emotional-content prompts are captured or processed unintentionally. In a skill that stores user profiles and BP-related data, unintended activation raises privacy and data-minimization risk.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The listed keywords include generic terms such as '条款', '估值', '焦虑', and '迷茫', which are easily encountered in unrelated contexts. This can trigger the skill on sensitive personal or business discussions without clear user intent, creating privacy risk and unexpected data retention or analysis.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill states that user profiles and BP files are stored locally but does not present a prominent upfront warning about persistent retention, duration, deletion, or user control. For fundraising materials and business plans, silent persistence can expose highly sensitive company information to later access by other local users, backups, or compromised processes.

Vague Triggers

Severity: Medium
Confidence: 83%
Finding
The trigger description includes broad terms such as '融资/条款/焦虑', and especially '焦虑' ('anxiety'), which are common in ordinary conversation and could cause unintended activation. For a skill positioned as an advisor handling sensitive fundraising context, accidental invocation may expose private business or emotional-context data to the skill more often than users expect.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding
The trigger keywords are broad, common conversational terms such as '担心', '怎么办', and '急', which can cause the skill to activate emotional-intervention or negotiation flows during ordinary discussion rather than on explicit requests. In a financing advisory context, this can misroute users into persuasive or emotionally framed responses, reducing reliability and potentially influencing important business decisions at the wrong time.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The routing table uses broad natural-language trigger phrases such as '条款', '估值', '焦虑', and '找投资人', which can easily appear in many unrelated user messages. This can cause the assistant to invoke the wrong module, leading to irrelevant guidance, missed safety disclaimers, or collection of profile data when the user did not intend that workflow.

Natural-Language Policy Violations

Severity: Medium
Confidence: 82%
Finding
The system prompt is written to operate in Chinese and does not offer language selection or user opt-in, which can exclude or confuse users who communicate in another language. In a financing-advice context, misunderstanding terms, disclaimers, or action items can reduce accuracy and may cause users to act on advice they did not fully understand.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding
The description embeds broad trigger terms such as '融资/条款/焦虑', and terms like '条款' or especially '焦虑' can appear in many ordinary conversations unrelated to this skill's intended scope. This can cause over-activation and unintended handling of sensitive financial or emotional discussions, increasing the chance that the skill is invoked without clear user intent.

Natural-Language Policy Violations

Severity: Medium
Confidence: 74%
Finding
The description explicitly markets the skill as Chinese-only (“🇨🇳 中文”) without indicating language fallback, user choice, or justification. While not directly enabling code execution or data exfiltration, this can mis-handle user interactions, reduce informed consent, and cause users to receive financial guidance in a language they did not request or fully understand.

VirusTotal

65/65 vendors flagged this skill as clean.