ClawHub

Book Multi Lens

Security checks across malware telemetry and agentic risk

Overview

This skill only gives the assistant a structured way to analyze book quotes or viewpoints from multiple perspectives.

Install this if you want quote and reading-note analysis framed through several balanced perspectives. Be aware it may activate for broad requests involving quotes or viewpoints, and verify book or author claims independently when accuracy matters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list is broad and includes generic phrases such as "analyze this" and activation on any pasted quote or note, which can cause the skill to activate outside the user's actual intent. In an agent setting, over-triggering can route normal conversation into this skill unexpectedly, leading to unwanted transformations of user content, confusion, or bypass of more appropriate skills and safeguards.

Natural-Language Policy Violations

Low
Confidence
78% confidence
Finding
The instruction to "Write in English unless the user writes in Chinese" imposes a language policy without explicit user choice, which can mis-handle multilingual users or conflict with platform/user preferences. While not a direct security exploit, it can cause incorrect or unexpected behavior and reduce user control over output, especially in environments where language selection affects downstream processing or comprehension.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger conditions are broad enough to activate on ordinary discussion of books, quotes, opinions, or pasted text, which can cause the skill to take over interactions the user did not explicitly intend to route through this workflow. In an agent setting, overbroad activation is dangerous because it can override user expectations, mis-handle unrelated content, and increase exposure to prompt-injection or context-misuse from arbitrary pasted material.

Natural-Language Policy Violations

Medium
Confidence
86% confidence
Finding
The skill imposes a default Chinese-language response policy unless the user writes in English, which can conflict with the user's actual language preference and reduce transparency or usability. While not a severe security flaw by itself, hidden language overriding can cause unintended behavior, mishandling of multilingual contexts, and user confusion in systems where output language affects downstream processing or safety review.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal