Paper Defense Q&A + Code Audit + Visual Answer Cards

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a local paper-defense helper, but its published metadata claims unrelated purchase and crypto capabilities that users should review before installing.

Install only if you can deny or ignore any purchase/crypto capability requests and limit access to the specific paper, code, logs, and output folder needed. Expect Chinese-first outputs unless you explicitly change the workflow or prompt for another language.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill repeatedly instructs the agent to read from and write to many repository paths and to create a large set of output files, but the frontmatter declares no permissions. That mismatch can cause the hosting system or user to approve a skill without understanding its effective filesystem access, which weakens consent and increases the chance of unintended data exposure or workspace modification.

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The README frames the skill as producing Chinese-language outputs by default and does not clearly offer a user-choice mechanism for output language. This can undermine user intent, accessibility, and downstream workflow compatibility, especially when users or integrated systems expect English or locale-adaptive output.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The contract hard-codes a Chinese-language output path and Chinese section headings without any indication that the user's preferred language should be honored. This can cause the skill to ignore user intent, produce unusable deliverables for non-Chinese-speaking users, and create downstream workflow or accessibility issues, even though it is not a classic security exploit.

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
The line "把论文背后的代码、配置、训练流程、评估流程转成答辩问题和证据检查清单。" (roughly: "Turn the code, configuration, training pipeline, and evaluation pipeline behind the paper into defense questions and an evidence checklist.") imposes Chinese output behavior without giving the user a language choice or documenting that the skill is intentionally Chinese-only. This can cause unintended language switching, reduce usability, and create prompt-control issues where the skill overrides user preferences or downstream system expectations.

Natural-Language Policy Violations

Medium
Confidence
94% confidence
Finding
The workflow is written and scoped entirely in Chinese, and it hardcodes Chinese-named inputs/outputs plus a mandatory final Chinese reminder sentence. That can override user language preference and cause the agent to respond in an unexpected language, which is a security-relevant policy/control issue because it reduces user comprehension and informed review of generated content, especially for high-stakes defense or code-audit materials.

VirusTotal

64/64 vendors flagged this skill as clean.
