Home Layout

Security checks across malware telemetry and agentic risk

Overview

The skill is not executable malware, but its advertised home-layout purpose does not match instructions for local venue discovery, queues, bookings, parking, and reviews.

Review before installing. This appears to be a mismatched or low-quality skill rather than malware, but users expecting home-layout guidance may instead get location and commerce-oriented behavior. It should be rewritten to match home-layout tasks or renamed and clearly scoped as a local venue discovery skill with location and source-verification expectations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

High
Confidence: 99%
Finding
The skill is declared as a home-layout assistant, but the body describes location-based venue discovery, popularity filters, queue status, reservations, parking, navigation, and community reviews. This creates a strong domain mismatch that can mislead routing systems and users, causing the skill to be invoked for unrelated commerce/location tasks and potentially enabling covert capability expansion beyond the stated purpose.

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The documentation describes a fundamentally different behavior domain from the manifest metadata, indicating either poor governance or intentional concealment of functionality. In agent ecosystems, this kind of mismatch is dangerous because trust, permissioning, and invocation decisions may rely on the declared purpose while the actual prompts steer the model into unrelated tasks.

Vague Triggers

Medium
Confidence: 87%
Finding
The example invocations are overly broad and generic, with placeholders like '具体场景任务' and '核心功能' that do not constrain when the skill should be used. Loose trigger phrasing increases the chance of over-invocation, ambiguous routing, and accidental use in contexts outside the intended scope, especially when combined with the already-misaligned documentation.

VirusTotal

61/61 vendors flagged this skill as clean.
