ClawHub

Suno提示词工具

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Suno prompt helper with some overly broad trigger wording, but it does not run code, request credentials, or perform hidden actions.

Install this as a low-risk prompt helper, but be aware that generic trigger words like “Prompt” may cause it to activate when you wanted a different prompt-related tool. Review the GitHub source first if installing from the external repo rather than the ClawHub package.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
97% confidence
Finding
The trigger list includes the generic Chinese term "提示词" (“prompt”), which is a common everyday phrase and not sufficiently scoped to this skill. In a chat agent, such a broad trigger can cause unintended activation during unrelated conversations, leading the skill to intercept requests it was not meant to handle and potentially override more appropriate behavior.

Vague Triggers

Medium
Confidence
98% confidence
Finding
The English trigger list includes the standalone word "Prompt", which is extremely broad and likely to appear in many unrelated user requests. This creates a high risk of accidental skill invocation, causing routing confusion, poor user experience, and possible interference with other prompt-related tools or core assistant functionality.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger list is excessively broad and includes generic terms such as “提示词”, “Prompt”, and “prompt”, which are likely to appear in many unrelated conversations. This can cause unintended skill invocation, leading to context hijacking or inappropriate routing where the skill overrides more relevant tools or user intent.

Natural-Language Policy Violations

Medium
Confidence
78% confidence
Finding
Mandating Chinese translation for every English prompt without user choice can cause unwanted disclosure of transformed content, reduce usability for non-Chinese users, and create output-policy conflicts in multilingual contexts. While not a direct exploit primitive, it is a real safety and product-security issue because rigid output constraints can override user intent and increase the chance of inappropriate or confusing responses.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal