Five-Grid Name Numerology Calculation (姓名五格数理测算)

Security checks across malware telemetry and agentic risk

Overview

This skill does the advertised Chinese name numerology and name generation, with disclosed dictionary download and cache behavior users should understand.

Install if you are comfortable with name-related prompts invoking numerology behavior and with rare-character lookups downloading about 3MB of dictionary data from GitHub/CDN sources. For restricted environments, prepopulate the cache, disable automatic downloads, or use a pinned checksum-verified dictionary source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Tainted flow: '_CACHE_FILE' from os.environ.get (line 66, credential/environment) → open (file write)

Medium
Category
Data Flow
Content
def _save_cache(data: dict):
    _CACHE_DIR.mkdir(parents=True, exist_ok=True)
    with open(_CACHE_FILE, "w", encoding="utf-8") as f:
        json.dump(data, f, ensure_ascii=False, separators=(",", ":"))

def _load_cache() -> Optional[dict]:
Confidence
90% confidence
Finding
with open(_CACHE_FILE, "w", encoding="utf-8") as f:

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill is configured to trigger on extremely broad inputs, including just a person's name, which creates a high risk of accidental invocation during unrelated conversations. This can cause the agent to misroute benign user input into fortune-telling/name-analysis behavior, producing irrelevant or misleading outputs without clear user intent.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger examples include vague everyday phrases such as asking whether a name is good, or requesting some nice-sounding names, which lack strong scope boundaries. In a multi-skill environment, such broad matching can hijack general conversation or naming requests and invoke this specialized skill when the user did not actually request numerology analysis.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger phrase for random name generation is very broad and overlaps with ordinary conversational requests such as '帮我想名字' or '帮我想好听的名字'. In an agent environment, this can cause unintended skill activation on benign user messages, leading to unexpected processing and reduced user control over which capability is invoked.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The tutorial defines multiple activation forms including raw names and common phrases like '帮我看看这个名字好不好', without clearly specifying boundaries or disambiguation rules. This makes accidental invocation more likely when users discuss names in normal conversation, which is risky for agent skills that may auto-route based on loose matching.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The phrase for random-name generation is highly generic and likely to appear in normal chat, making false activations plausible. In skill-routing systems, such generic language can hijack unrelated conversations into invoking the naming tool unexpectedly.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation states that the skill will automatically download an external Kangxi dictionary resource, but it does not clearly disclose network access conditions, source trust, integrity protections, or user-consent implications. Silent external downloads increase supply-chain, privacy, and reliability risk, especially in restricted or offline environments.

VirusTotal

65/65 vendors flagged this skill as clean.
