AI合同智能审查助手 (AI Contract Smart Review Assistant)

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-built for contract review, but it handles sensitive contract text while under-disclosing external script loading, broad activation, and local report persistence.

Review before installing if you handle confidential contracts. The skill writes contract contents into a local HTML report, and that report loads Chart.js from a public CDN when opened, so avoid using it for highly sensitive documents unless you accept that external dependency or replace it with a locally bundled chart library. Use explicit prompts, and redact personal, trade-secret, or deal-sensitive terms where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding:
The template loads Chart.js from a public CDN at render time, which creates a supply-chain and integrity risk: if the CDN, package, or network path is compromised, arbitrary JavaScript will execute in the context of the generated report. Because this report renders contract contents and analysis data, any malicious script could exfiltrate sensitive legal text or manipulate the displayed findings.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding:
The trigger phrases include very generic requests such as “帮我看看合同” (“help me look at the contract”) and “合同分析” (“contract analysis”), which can overlap with normal conversation and unintentionally invoke the skill outside a clearly scoped user intent. In a contract-review skill, this can cause over-activation, accidental processing of sensitive contract text, and confusion about whether the user wanted legal-style analysis or a general discussion.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding:
The trigger phrases are broad and map to common user language, which can cause the skill to auto-activate in situations where the user did not intend full contract ingestion and analysis. Because the skill handles sensitive legal documents and may read pasted or uploaded content, overbroad activation increases the chance of processing confidential material without sufficiently explicit user intent.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding:
Treating any uploaded or pasted contract text as an automatic trigger is risky because users may share documents for context, storage, or unrelated assistance rather than consent to full legal-style analysis and HTML report generation. In a legal-document context, this can lead to unintended handling of highly sensitive business, employment, or investment terms.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill processes potentially sensitive contracts from pasted text, local files, and URLs, yet it provides no upfront privacy warning or data-handling notice. Users may unknowingly expose confidential commercial terms, personal information, or employment details without understanding that the content will be parsed, transformed into JSON, and written into an HTML report on disk.

VirusTotal

64/64 vendors flagged this skill as clean.