FDE Forward Deployed Engineer (FDE 前沿部署工程师)

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed FDE methodology guide with a local questionnaire generator, and I found no hidden data access, exfiltration, persistence, or unsafe automatic execution.

Install only if you want an FDE/customer deployment methodology skill. When using it with real customers, confirm authorization, avoid collecting secrets or regulated data unless approved, use desensitized data for prototypes, and be careful not to overwrite an existing report file with the audit script.

SkillSpector (by NVIDIA)

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium severity, 90% confidence

The README defines a very broad set of trigger phrases, including generic terms such as 'FDE', '驻场工程师' (on-site engineer), and '企业AI落地' (enterprise AI adoption), without specifying activation boundaries, disambiguation rules, or negative examples. This can cause unintended skill activation in unrelated conversations, increasing the chance that the agent applies this workflow in the wrong context or exposes internal methodology when it was not requested.

Vague Triggers

Medium severity, 88% confidence

The trigger list is unusually broad and includes generic enterprise phrases such as '企业AI落地' (enterprise AI adoption), '定制化AI方案' (customized AI solution), and '业务价值交付' (business value delivery), which could activate the skill during ordinary strategy or delivery discussions unrelated to this specific methodology. Overbroad activation increases the chance of accidental invocation in sensitive business contexts, causing the agent to steer users into audit or deployment workflows without confirming their intent.

Missing User Warnings

Medium severity, 92% confidence

The skill instructs users to perform customer audits, inventory data assets, assess access permissions, and generate structured audit reports, but it gives no warning to avoid collecting secrets, regulated data, or unauthorized customer information. In the broader skill context this is more dangerous because later sections also guide system integration and production deployment, so an accidentally or casually invoked workflow could lead to unsafe handling of sensitive enterprise data and to operational changes.

Missing User Warnings

Low severity, 93% confidence

The tool writes to a user-specified path with Path.write_text() and does not check whether the target file already exists before overwriting it. In normal CLI use this can cause unintended destruction of existing local files, especially when paths are mistyped or supplied indirectly by another wrapper or automation.
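The fix a practitioner would expect is to refuse to overwrite unless explicitly told to, and to make the existence check and the create a single atomic step rather than a separate exists() call followed by write_text(). The following is an added example, not the skill's own questionnaire or audit script; the function name write_report and the force flag are assumptions, and the report strings are constructed sample input.

```python
import os
import tempfile
from pathlib import Path


def write_report(path, content: str, force: bool = False) -> bool:
    """Write `content` to `path` without clobbering an existing file.

    Returns True if the file was written, False if it already existed and
    `force` was not set. O_CREAT|O_EXCL makes "create only if absent" one
    atomic syscall, so a file that appears between a separate exists()
    check and the write cannot be overwritten either. (Hypothetical
    replacement for a bare Path.write_text() call; not the skill's code.)
    """
    path = Path(path)
    if force:
        path.write_text(content, encoding="utf-8")  # explicit, opted-in overwrite
        return True
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        return False  # caller decides how to report the refusal
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(content)
    return True


def demo() -> dict:
    """Exercise the guard in a temp dir; returns what each call did."""
    with tempfile.TemporaryDirectory() as d:
        target = Path(d) / "audit_report.md"  # constructed sample path
        first = write_report(target, "# Audit report v1\n")            # created
        second = write_report(target, "# Audit report v2\n")           # refused
        kept = target.read_text(encoding="utf-8")                       # still v1
        third = write_report(target, "# Audit report v2\n", force=True)  # overwrite
        final = target.read_text(encoding="utf-8")
    return {"first": first, "second": second, "kept": kept,
            "third": third, "final": final}


if __name__ == "__main__":
    print(demo())
```

A CLI wrapper would map a --force (or similar) flag onto the force parameter and exit non-zero when write_report returns False, so that a mistyped or automation-supplied path fails loudly instead of silently replacing a file.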

VirusTotal

63/63 vendors flagged this skill as clean.