AI测试工程师 (AI Test Engineer)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a test-engineering guidance skill whose automation behaviors are expected for its purpose, but users should scope it carefully around sensitive test data and artifacts.

Install it only for deliberate test-engineering work. When you do, keep automation pointed at test or staging environments, use disposable or least-privilege database access, redact screenshots, DOM snapshots and video artifacts before they reach reports or chat, and watch for accidental activation from generic testing-related prompts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers
Severity: Medium
Confidence: 92%
Finding: The trigger guidance is broad enough to match many ordinary testing-related requests, which can cause the skill to activate outside its intended scope. Over-broad activation increases the chance that the agent follows this skill's rigid workflow when the user wanted a narrower or different response, creating prompt-scope interference and reducing user control.

Vague Triggers
Severity: Medium
Confidence: 95%
Finding: The manifest description includes a very long list of generic trigger words such as testing, reports, automation, and quality metrics without contextual constraints. This makes accidental invocation likely across unrelated conversations, which can bias agent behavior, crowd out other skills, and enable unintentional instruction injection through inappropriate skill loading.
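To make the two Vague Triggers findings above concrete, here is an added Python example (not SkillSpector's code and not the skill's own manifest) that scores a skill description for generic trigger terms and for phrases that narrow activation, then runs a deliberately naive keyword router to show how a broad description captures an unrelated finance prompt while a narrowed description of the same skill does not. The wordlists, the qualifier phrases, the router and every description and prompt are constructed assumptions for this example.

```python
import re

# Generic terms the finding cites as over-broad triggers (testing, reports,
# automation, quality metrics) plus neighbours of the same kind. Assumed
# wordlist for this example, not SkillSpector's own.
GENERIC_TRIGGERS = {
    "testing", "test", "tests", "reports", "report", "automation",
    "quality", "metrics", "qa", "bug", "bugs", "coverage",
}

# Phrases that constrain when a skill may activate (assumed heuristic).
SCOPE_QUALIFIERS = (
    r"\bonly when\b", r"\bonly if\b", r"\bwhen the user explicitly\b",
    r"\bdo not (?:use|activate)\b", r"\bnot for\b", r"\bspecifically\b",
)

STOPWORDS = {"a", "an", "and", "for", "of", "on", "or", "the", "this", "to", "use", "with"}


def tokenize(text):
    return re.findall(r"[a-z0-9]+", text.lower())


def assess_trigger_scope(description, max_generic=4):
    """Classify a skill description as 'broad' or 'scoped'.

    'broad' means it leans on more than max_generic generic keywords and
    carries no phrase that narrows activation.
    """
    generic_hits = sorted({t for t in tokenize(description) if t in GENERIC_TRIGGERS})
    qualifiers = [q for q in SCOPE_QUALIFIERS if re.search(q, description, re.IGNORECASE)]
    verdict = "broad" if len(generic_hits) > max_generic and not qualifiers else "scoped"
    return verdict, {"generic_terms": generic_hits, "qualifiers_found": len(qualifiers)}


def route(prompt, skills):
    """Naive keyword router: pick the skill whose description shares the most
    non-stopword tokens with the prompt. A stand-in for a real selector, used
    only to show how a broad description crowds out narrower skills."""
    prompt_tokens = set(tokenize(prompt)) - STOPWORDS
    best, best_score = None, 0
    for name, description in skills.items():
        score = len(prompt_tokens & (set(tokenize(description)) - STOPWORDS))
        if score > best_score:
            best, best_score = name, score
    return best


# Constructed descriptions: the first mirrors the style the finding describes,
# the second is the same skill with its activation narrowed.
BROAD_DESCRIPTION = (
    "Use for testing, test reports, automation, quality metrics, QA, "
    "bug triage and coverage analysis."
)
SCOPED_DESCRIPTION = (
    "Use only when the user explicitly asks to build or debug a Playwright "
    "end-to-end test suite."
)
FINANCE_DESCRIPTION = "Produce finance summaries for the finance team."
UNRELATED_PROMPT = "Draft the quarterly finance reports and include automation spend metrics."


def crowding_demo(test_skill_description):
    """Which skill the router selects for a prompt that has nothing to do with testing."""
    return route(UNRELATED_PROMPT, {
        "ai-test-engineer": test_skill_description,
        "finance-reporting": FINANCE_DESCRIPTION,
    })


if __name__ == "__main__":
    for label, desc in (("broad", BROAD_DESCRIPTION), ("scoped", SCOPED_DESCRIPTION)):
        print(label, assess_trigger_scope(desc), "-> routed:", crowding_demo(desc))
```

The broad description wins the finance prompt on three shared tokens (reports, automation, metrics), which is exactly the crowding-out the finding describes; the narrowed description shares none and the finance skill is selected instead. Real selectors are not this simple, but a description that scores "broad" here is one a reviewer should ask the skill author to tighten.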

Missing User Warnings
Severity: Medium
Confidence: 92%
Finding: The guidance recommends automatic screenshots, recordings, and DOM snapshots on test failure but does not mention redaction, masking, retention limits, or restricting this to non-production environments. In a test automation skill, these artifacts can capture credentials, session tokens, personal data, or other sensitive content and then propagate it into reports, CI artifacts, or chat notifications.
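An added Python example of the artifact redaction this finding asks for; it is not code from the skill or from SkillSpector. It blanks password and hidden input values in a DOM snapshot and strips bearer tokens, session cookies, JWT-shaped strings and e-mail addresses from captured text before the artifact is attached to a report or posted to chat. The regexes, the sample DOM and the sample request log are constructed for the example and need tuning to your own token and identifier formats.

```python
import re

# Secret shapes that commonly leak into failure artifacts. Constructed for this
# example; extend with your own API-key and session-token formats.
BEARER_RE = re.compile(r"(authorization:\s*bearer\s+)[^\s\"']+", re.IGNORECASE)
COOKIE_RE = re.compile(r"\b(session|sid|auth_token|csrftoken)=([^;\s\"']+)", re.IGNORECASE)
JWT_RE = re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")

# <input> elements whose value must not survive into a DOM snapshot.
INPUT_TAG_RE = re.compile(r"<input\b[^>]*>", re.IGNORECASE)
SENSITIVE_TYPE_RE = re.compile(r"\btype=[\"']?(?:password|hidden)\b", re.IGNORECASE)
VALUE_ATTR_RE = re.compile(r"(\bvalue=[\"'])([^\"']*)([\"'])", re.IGNORECASE)


def redact_text(text):
    """Mask credentials and personal data in any captured text
    (request logs, console output, page text)."""
    text = BEARER_RE.sub(r"\1[REDACTED]", text)
    text = COOKIE_RE.sub(r"\1=[REDACTED]", text)
    text = JWT_RE.sub("[REDACTED_JWT]", text)
    return EMAIL_RE.sub("[REDACTED_EMAIL]", text)


def _redact_input(match):
    tag = match.group(0)
    if SENSITIVE_TYPE_RE.search(tag):  # attribute order inside the tag does not matter
        return VALUE_ATTR_RE.sub(r"\1[REDACTED]\3", tag)
    return tag


def redact_dom_snapshot(html):
    """Blank password/hidden input values, then apply the text-level masks so
    tokens rendered into the page (data attributes, inline scripts) go too."""
    return redact_text(INPUT_TAG_RE.sub(_redact_input, html))


# Constructed sample artifacts of the kind a failing test would capture.
SAMPLE_DOM = (
    '<form action="/login">'
    '<input type="text" name="user" value="alice@example.com">'
    '<input value="hunter2" name="pass" type="password">'
    '<input type="hidden" name="csrf" value="9f3c2a1b">'
    '</form>'
)
SAMPLE_NETLOG = (
    "GET /api/me HTTP/1.1\n"
    "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhbGljZSJ9.c2lnbmF0dXJl\n"
    "Cookie: session=s3cr3t; theme=dark\n"
)

if __name__ == "__main__":
    print(redact_dom_snapshot(SAMPLE_DOM))
    print(redact_text(SAMPLE_NETLOG))
```

Run this as the last step before an artifact is written, not after it has been uploaded. Screenshots need a separate mechanism (Playwright's `page.screenshot` takes a `mask` option that hides selected elements), and video recording is best disabled for flows that display secrets, since pixels cannot be regex-redacted after the fact.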

Missing User Warnings
Severity: Medium
Confidence: 84%
Finding: The framework setup and API assertion guidance include database connections and database-change verification without warning about isolation, least privilege, or use of non-production data stores. In automation contexts, this can lead to tests reading sensitive records, corrupting persistent data, or accidentally operating against staging/production databases if configuration is wrong.
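An added Python example for the database finding (not the skill's guidance and not SkillSpector's code): a guard that refuses a connection string unless it points at an allowlisted test host, a database whose name carries a test suffix and a non-privileged role, plus a helper that performs database-change verification inside a transaction that is always rolled back, so an assertion can observe the change without persisting it. The allowlist, the naming rule, the role list, the production-name hints and the sqlite sample schema are assumptions for the example.

```python
import sqlite3
from urllib.parse import urlparse

# Where tests may connect. Constructed allowlist for the example; in a real
# suite this belongs in CI configuration, not in test code.
ALLOWED_HOSTS = {"localhost", "127.0.0.1", "db.test.internal"}
REQUIRED_DB_SUFFIX = "_test"
PRIVILEGED_USERS = {"postgres", "root", "admin", "sa"}  # roles a test run never needs
PRODUCTION_HINTS = ("prod", "production", "live")


class UnsafeDatabaseTarget(Exception):
    """Raised when a connection string does not point at an isolated test database."""


def check_test_database_url(url):
    """Return the parsed target if url is an acceptable test database, else raise."""
    parts = urlparse(url)
    host = parts.hostname or ""
    user = parts.username or ""
    dbname = parts.path.lstrip("/")
    problems = []
    if host not in ALLOWED_HOSTS:
        problems.append(f"host {host!r} is not in the test allowlist")
    if any(hint in host or hint in dbname.lower() for hint in PRODUCTION_HINTS):
        problems.append("target name suggests a production database")
    if not dbname.endswith(REQUIRED_DB_SUFFIX):
        problems.append(f"database {dbname!r} does not end with {REQUIRED_DB_SUFFIX!r}")
    if user.lower() in PRIVILEGED_USERS:
        problems.append(f"user {user!r} is a privileged role")
    if problems:
        raise UnsafeDatabaseTarget("; ".join(problems))
    return {"host": host, "user": user, "database": dbname}


def is_safe_database_url(url):
    try:
        check_test_database_url(url)
        return True
    except UnsafeDatabaseTarget:
        return False


def verify_in_rolled_back_transaction(conn, mutate, check):
    """Apply mutate(conn), evaluate check(conn) and return its result, then roll
    the transaction back so the database never keeps the change."""
    conn.isolation_level = None  # autocommit mode: we drive BEGIN/ROLLBACK ourselves
    conn.execute("BEGIN")
    try:
        mutate(conn)
        return check(conn)
    finally:
        conn.execute("ROLLBACK")


def demo_rollback():
    """Constructed sqlite schema standing in for the application database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, status TEXT)")
    conn.execute("INSERT INTO orders (status) VALUES ('new')")
    conn.commit()
    seen = verify_in_rolled_back_transaction(
        conn,
        mutate=lambda c: c.execute("UPDATE orders SET status = 'shipped' WHERE id = 1"),
        check=lambda c: c.execute("SELECT status FROM orders WHERE id = 1").fetchone()[0],
    )
    persisted = conn.execute("SELECT status FROM orders WHERE id = 1").fetchone()[0]
    return seen, persisted  # ("shipped", "new")


if __name__ == "__main__":
    print(check_test_database_url("postgresql://qa_runner:pw@db.test.internal:5432/orders_test"))
    print(is_safe_database_url("postgresql://postgres:pw@db.prod.example.com/orders"))
    print(demo_rollback())
```

Call the URL check once at suite start-up (a session-scoped fixture is the natural place) so a mis-set DATABASE_URL fails the whole run before any test touches data. The rollback helper covers the verify-a-change case; tests that genuinely need committed state should run against a disposable database created per run and dropped afterwards.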

VirusTotal

64/64 vendors reported this skill as clean (no detections). A clean antivirus result covers known malware signatures in the skill's files only; it says nothing about the prompt-scope and data-handling findings above.
