Structured Workflow

Security checks across malware telemetry and agentic risk

Overview

This is a small instruction-only workflow skill that mainly changes response style to concise Simplified Chinese and does not run code or access data.

Install this only if you want the agent to default to concise Simplified Chinese and a structured plan/review/task workflow. Be aware that the skill phrases Chinese output as mandatory, so users who often need English or another language may need to override it explicitly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Natural-Language Policy Violations

Medium
Confidence: 96%
Finding
The skill metadata states that Simplified Chinese is the default output language for all tasks, which can override user preferences or platform language policy. A blanket language mandate is risky because it changes model behavior globally and may degrade usability, accessibility, or compliance in contexts requiring another language.

Natural-Language Policy Violations

Medium
Confidence: 98%
Finding
The rule '全部使用简体中文' requires all responses to be in Simplified Chinese without user opt-in. This is dangerous because it imposes a fixed output policy that can conflict with user requests, accessibility needs, or operational requirements for another language.

Natural-Language Policy Violations

Medium
Confidence: 97%
Finding
Requiring all outputs, including workflow artifacts like plans or thoughts, to use Chinese extends the language constraint to every response type and increases the chance of policy conflict. Even if intended for consistency, this broad mandate can interfere with user-directed language choice and create avoidable instruction-following failures.

Natural-Language Policy Violations

Medium
Confidence: 95%
Finding
The file explicitly requires outputs to be in Chinese ('输出是否中文且精炼') as a default quality gate, which can override user language preference or system-level expectations if applied universally. While not directly enabling code execution or data exfiltration, it can degrade usability, cause instruction conflicts, and create unsafe behavior in contexts where precise language control is important.

VirusTotal

66/66 vendors flagged this skill as clean.
