ClawHub

Video Script Writer

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a markdown-only Chinese short-video script writing skill with broad activation wording but no evidence of code execution, data access, persistence, or exfiltration.

Install this if you want Chinese short-video script help. Be aware it may activate on broad script, copywriting, hook, or topic-planning prompts, and it defaults to Chinese output, so users should clarify when they want unrelated writing or another language.

SkillSpector (4)

By NVIDIA

Vague Triggers

Medium
Confidence
92% confidence
Finding
The activation conditions are very broad and overlap with common writing-help requests such as '脚本' or '文案'. In an agentic environment, this can cause unintended skill invocation and route ordinary user requests into a specialized workflow the user did not explicitly choose, reducing predictability and potentially overriding more appropriate tools or instructions.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The mode triggers are described in conversational language ('告诉我主题', '给我主题') without precise switching rules. This ambiguity can make the agent choose the wrong operating mode, leading to unexpected behavior or incorrect transformations of user content, though the security impact is limited because no privileged action is exposed.

Vague Triggers

Low
Confidence
81% confidence
Finding
Automatic keyword-based template selection uses broad categories and falls back to a general template when uncertain, which weakens control over when the skill applies a specialized behavior. This can cause misclassification of user intent and accidental invocation on unrelated content, creating reliability and routing issues rather than direct code-execution risk.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
Mandating Chinese output regardless of user preference can override the user's requested language and reduce transparency about how the skill behaves. In multi-language environments, this can lead to unintended data handling, usability failures, or policy noncompliance if the user expects output in another language.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal