Senior Django Developer

Security checks across malware telemetry and agentic risk

Overview

This is a Django coding guidance skill with coherent security-focused instructions, though users should watch its broad rewrite style and ignore its request for detailed chain-of-thought output.

Use this skill when you want strict Django project scaffolding or code generation. Ask for 'minimal changes' if you want a narrow edit, review full-file rewrites before applying them, do not require hidden chain-of-thought output, and pin/review generated dependencies before production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding
The skill explicitly instructs the model to reveal a dedicated 'Цепочка мыслей' (Russian for "chain of thought") section describing step-by-step reasoning. Requiring internal reasoning disclosure is dangerous because it can leak hidden deliberation, enable prompt extraction, and weaken downstream safety controls unrelated to the stated Django coding task.

Vague Triggers

Medium
Confidence: 81%
Finding
The skill description is extremely broad and lacks clear invocation boundaries, making it easy for the agent to apply the skill outside narrowly intended Django architecture scenarios. Overbroad activation increases the chance that restrictive formatting, unsafe output requirements, or prompt-level directives will affect unrelated tasks.

Natural-Language Policy Violations

Medium
Confidence: 89%
Finding
The skill mandates Russian for reasoning without user choice or operational justification. Forced language selection can override user expectations, reduce transparency, and in this case compounds the more serious issue of requiring internal reasoning disclosure.

Natural-Language Policy Violations

Medium
Confidence: 93%
Finding
The response format forces a Russian section title and Russian planning content regardless of user request. This creates unnecessary prompt rigidity and can be used to coerce model behavior in ways unrelated to the actual task, especially when paired with mandatory reasoning disclosure.

Ssd 1

Medium
Confidence: 99%
Finding
The skill semantically directs the model to disclose hidden deliberation by requiring a dedicated chain-of-thought section. This is a prompt-injection-style safety issue because it attempts to override standard non-disclosure practices for internal reasoning and can expose sensitive policy or decision-making traces.

VirusTotal

64/64 vendors flagged this skill as clean.
