技能随行官

Security checks across malware telemetry and agentic risk

Overview

This skill openly adds a skill-usage footer to every assistant reply and only keeps a narrow local skill-name log, with no evidence of credential access, network sending, or destructive behavior.

Install this only if you want every assistant response to include a Chinese skill-usage footer. Be aware that the helper script can keep a temporary local history of skill names in skill_usage_log.json under TEMP or /tmp; clear that file or avoid the helper if you do not want usage history retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tainted flow: 'LOG_FILE' from os.environ.get (line 10, credential/environment) → open (file write)

Medium
Category
Data Flow
Content
import json

# LOG_FILE is assigned earlier in the helper (line 10, per the finding above)
# from os.environ.get; the environment variable name is not shown in this excerpt.

def save_log(log):
    """Save the record."""
    try:
        # Writes the skill-usage history to the environment-derived path.
        with open(LOG_FILE, 'w', encoding='utf-8') as f:
            json.dump(log, f, ensure_ascii=False, indent=2)
    except Exception:
        # Swallows every error, so a failed or redirected write is never reported.
        pass
Confidence
91% confidence
Finding
with open(LOG_FILE, 'w', encoding='utf-8') as f:

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
The skill description and behavior force Chinese-language reporting regardless of the user's language or preference. This is dangerous because it can override user/system expectations, degrade transparency, and create prompt-level integrity issues where responses are modified in a way the user did not request, especially in multilingual or compliance-sensitive contexts.

Natural-Language Policy Violations

Medium
Confidence
97% confidence
Finding
The skill mandates appending a fixed Chinese suffix to every reply, even simple greetings, regardless of user intent or language. This creates unauthorized response modification and can leak internal workflow information about skill usage on every turn, which may expose operational metadata and reduce the assistant's ability to follow higher-priority user formatting requirements.

VirusTotal

66/66 vendors flagged this skill as clean.
