专家工具箱

Security checks across malware telemetry and agentic risk

Overview

This skill is a local expert-role prompt browser and matcher, with no evidence of network access, file modification, credential use, persistence, or destructive behavior.

Install only if you are comfortable letting local role markdown influence model responses. Keep the roles directory limited to trusted role packs, avoid overriding EXPERT_TOOLKIT_ROLES_ROOT to broad or sensitive folders, and review third-party role files before relying on them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • System Prompt Leakage: Direct Leakage, Indirect Extraction, Tool-Based Exfiltration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Medium
93% confidence

Finding
The mapping uses very broad triggers such as "bug" and "review", which are common terms in ordinary conversation and can route users into specialized skills unintentionally. In an agent system, this can cause incorrect skill invocation, context leakage across domains, or unsafe automation if downstream skills have elevated capabilities.

Vague Triggers

Medium
90% confidence

Finding
Several Chinese triggers like "测试", "安全", "数据", and "分析" are highly generic and likely to appear in many unrelated requests, making accidental routing plausible. This increases the chance of misclassification and unintended access to tools or expert personas that the user did not actually request.

Ssd 3

Medium
91% confidence

Finding
The function `build_system_prompt` injects `user_query` verbatim into a generated system prompt, and callers return that full prompt for downstream model use. In this skill's context, expert role files are loaded from disk and combined with untrusted user input, so sensitive user content can be unnecessarily echoed, persisted in logs, or forwarded to other model/tooling layers, increasing prompt-injection and privacy exposure risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal