
Security audit

pm-requirement-review-simulator

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed LLM-only PRD review simulator with no scripts, persistence, credential use, or hidden execution behavior.

Install only if you want a Chinese/English PRD review simulator that produces structured scoring and an HTML-style report. Avoid pasting confidential PRDs, regulated legal/medical/financial details, or internal business data unless you are comfortable having the agent process that content; treat the generated compliance and legal sections as advisory, not professional counsel.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Natural-Language Policy Violations

Severity: Medium
Confidence: 93%
Finding
The skill file hard-codes Chinese-only output requirements ('仅JSON', i.e. "JSON only", plus a schema and content requirements written entirely in Chinese) with no instruction to follow the user's language. In a multi-language agent this can override the user's preference, degrade safety and usability for non-Chinese readers, and make downstream review or policy checks less reliable when the consuming tooling expects output in another language.
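The check behind this finding can be reproduced mechanically. The following is an added example, not SkillSpector's code and not part of the audited skill: it scans a skill file for lines that constrain output format, measures how much of each such line is CJK text, and reports whether the file anywhere defers to the user's language. The keyword lists, the 50% CJK threshold, and the sample skill excerpt are constructed assumptions for illustration.

```python
import re

# Constructed sample excerpt resembling a PRD-review skill file; not the audited file.
SAMPLE_SKILL = """\
# PRD Review Simulator
You are a senior PM reviewer.
输出要求：仅JSON，不要附加说明。
字段：score, risks, compliance_notes
Always be concise.
"""

# Basic CJK Unified Ideographs plus Extension A.
CJK_RE = re.compile(r"[\u4e00-\u9fff\u3400-\u4dbf]")

# Lines that constrain how the model must answer (English and Chinese cues; assumed list).
OUTPUT_CONSTRAINT_RE = re.compile(
    r"(output|respond|format|json|输出|回复|格式)", re.IGNORECASE
)

# Phrases that let the user's language win over the skill's default (assumed list).
NEGOTIATION_RE = re.compile(
    r"(user'?s language|language of the user|match the (user|input) language"
    r"|respond in the (same|user)|用户的语言|与用户语言一致)",
    re.IGNORECASE,
)


def cjk_ratio(line: str) -> float:
    """Fraction of alphabetic characters in the line that are CJK ideographs."""
    letters = [c for c in line if c.isalpha()]  # str.isalpha() is True for ideographs
    if not letters:
        return 0.0
    return sum(1 for c in letters if CJK_RE.match(c)) / len(letters)


def find_hardcoded_language(skill_text: str, threshold: float = 0.5) -> list[dict]:
    """Return one finding per output-constraint line whose text is mostly CJK.

    Severity is 'medium' when the file never negotiates language with the user,
    mirroring the audit finding above; it drops to 'info' when it does.
    """
    negotiates = bool(NEGOTIATION_RE.search(skill_text))
    findings = []
    for lineno, line in enumerate(skill_text.splitlines(), 1):
        if not OUTPUT_CONSTRAINT_RE.search(line):
            continue
        ratio = cjk_ratio(line)
        if ratio >= threshold:
            findings.append({
                "line": lineno,
                "cjk_ratio": round(ratio, 2),
                "text": line.strip(),
                "negotiated": negotiates,
                "severity": "info" if negotiates else "medium",
            })
    return findings


if __name__ == "__main__":
    for f in find_hardcoded_language(SAMPLE_SKILL):
        print(f"L{f['line']} [{f['severity']}] cjk={f['cjk_ratio']}: {f['text']}")
```

Appending a single line such as "Respond in the user's language." to the sample downgrades the finding to informational, which is the cheapest fix a skill author can make; the field-list line is not flagged because it names fields rather than constraining output format, so the check stays focused on the instructions that actually override language choice.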

VirusTotal

60/60 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.