AI Product Manager Full-Process Assistant (AI产品经理全流程助手)

Security checks across malware telemetry and agentic risk

Overview

This AI product-management helper is coherent and does not show hidden data access, persistence, or destructive behavior.

Install if you want a structured AI product-management assistant. Be aware that its broad triggers may make it activate for general PM discussions, and avoid copying the chain-of-thought prompt pattern into production assistants; prefer brief rationale summaries instead.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Low, 87% confidence
Finding
The prompt pattern explicitly instructs the model to reveal its step-by-step reasoning ('思考过程'). Exposing chain-of-thought can leak hidden reasoning, intermediate safety logic, or sensitive contextual inferences, and it is not necessary for an AI product manager skill to fulfill its stated purpose. In a reusable prompt library, this pattern may be copied into downstream agents broadly, increasing the chance of oversharing internal reasoning or policy-relevant internals.

Vague Triggers

Medium, 87% confidence
Finding
The skill states that when a user raises 'any' AI product-management related task, it should auto-match and guide execution. This broad activation scope can cause unintentional triggering in ordinary workplace conversations, leading the assistant to inject this skill's behavior, workflow, or assumptions into contexts where the user did not explicitly request it.

Vague Triggers

Medium, 92% confidence
Finding
The trigger list includes highly generic phrases such as '需求分析', '产品方案', '写PRD', and 'Prompt设计', which commonly appear in normal business discussions. Overlapping triggers increase the chance of accidental activation, context hijacking, or inappropriate routing of unrelated requests into this skill's prescriptive workflow.

VirusTotal

65/65 vendors flagged this skill as clean.
