Book Report

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed book-report generator that fetches public book information, optionally reads a user-provided PDF, and writes local report files.

Install it only if you want a Chinese-oriented book-report workflow. Invoke it explicitly for report generation, review generated files before sharing them, and be aware that user-supplied PDFs are read locally and that cache and report outputs are stored under the skill directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

Severity: High
Confidence: 95%
Finding
The trigger list includes very generic terms such as “了解” (understand), “研究” (research), “讲一下” (tell me about), “聊” (chat), “书” (book), and “读” (read), which are common in ordinary conversation and can cause the skill to activate when the user did not intend to request this workflow. Unintended invocation can lead to unnecessary web fetching, file generation, and confusion about agent behavior, especially because the skill produces artifacts automatically.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The trigger phrases are broad enough to match ordinary book-related requests, so the skill can activate in situations where the user did not explicitly ask for this specific workflow. That is a prompt-scope risk: the agent may invoke web fetching, PDF processing, and report generation unexpectedly, leading to unnecessary data access or undesired task steering.

Vague Triggers

Severity: Medium
Confidence: 85%
Finding
The manifest description uses expansive invocation wording such as '了解一本书' (get to know a book) and '研究 XXX' (research XXX), which overlaps with common user intents that do not imply consent to run this skill. In an agent setting, ambiguous activation criteria cause over-triggering and unnecessary execution of external-fetch or file-processing steps.
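The three trigger findings above can be turned into a mechanical check. The following lint is an added example written for this page; it is not SkillSpector's scanner and not the skill's own code. The trigger words and description wording are the ones quoted in the findings; the manifest shape, the stoplist of generic terms, the token threshold and the "must name the workflow" rule are assumptions made for illustration.

```python
import re

# Assumed stoplist of everyday conversational terms (Chinese and English) that
# should never activate a skill on their own. The Chinese entries are the
# trigger words quoted in the findings above; the English ones are illustrative.
GENERIC_TERMS = {
    "了解", "研究", "讲一下", "聊", "书", "读",
    "book", "read", "tell", "talk", "explain", "learn",
}

# Assumed rule: a trigger should name the workflow it starts. A phrase with no
# such marker probably matches a general intent, not a request for this skill.
WORKFLOW_MARKERS = ("报告", "report")

# Constructed sample manifest (assumed shape, not the real skill manifest).
SAMPLE_MANIFEST = {
    "name": "Book Report",
    "description": "了解一本书 / 研究 XXX / 生成读书报告",
    "triggers": ["了解", "研究", "讲一下", "聊", "书", "读",
                 "生成读书报告", "写一份读书报告"],
}


def token_count(phrase):
    """Count each CJK character and each Latin word as one token."""
    cjk = len(re.findall(r"[\u4e00-\u9fff]", phrase))
    latin = len(re.findall(r"[A-Za-z]+", phrase))
    return cjk + latin


def assess_trigger(phrase, min_tokens=4):
    """Return the reasons a phrase is too broad to be a safe trigger ([] if none)."""
    p = phrase.strip()
    reasons = []
    if p.lower() in GENERIC_TERMS:
        reasons.append("generic conversational term")
    n = token_count(p)
    if n < min_tokens:
        reasons.append(f"too short ({n} tokens, minimum {min_tokens})")
    if not any(marker in p.lower() for marker in WORKFLOW_MARKERS):
        reasons.append("does not name the workflow (no 'report'/'报告')")
    return reasons


def lint_manifest(manifest, min_tokens=4):
    """Map every flagged trigger phrase and description clause to its reasons."""
    findings = {}
    for phrase in manifest.get("triggers", []):
        reasons = assess_trigger(phrase, min_tokens)
        if reasons:
            findings[phrase] = reasons
    # The third finding treats the description's invocation wording as trigger
    # text too, so apply the same rules to each "/"-separated clause of it.
    for clause in re.split(r"\s*/\s*", manifest.get("description", "")):
        if clause and clause not in findings:
            reasons = assess_trigger(clause, min_tokens)
            if reasons:
                findings[clause] = reasons
    return findings


if __name__ == "__main__":
    for phrase, reasons in lint_manifest(SAMPLE_MANIFEST).items():
        print(f"{phrase!r}: {'; '.join(reasons)}")
```

Run against the sample manifest, every single-word trigger and both generic description clauses are flagged, while phrases that name the report workflow pass. The threshold and marker list are deliberately conservative; tune them to the skill set being reviewed rather than treating them as a standard.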

Natural-Language Policy Violations

Severity: Medium
Confidence: 80%
Finding
Forcing Chinese-style output for English-language inputs, without giving the user a choice, can violate user expectations and reduces transparency about how the response will be presented. While not a classic code-execution issue, it is a genuine safety and usability problem because it may override the user's language preference and produce misleadingly localized output.

VirusTotal

65/65 vendors flagged this skill as clean.
