AI Customer Service KB Builder

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward customer-service knowledge-base builder that reads user-chosen files or URLs and writes user-chosen output, with some quality and guardrail limitations.

Install only if you are comfortable running a simple local Node.js CLI and manually choosing the files, URLs, and output paths it can access. Avoid pointing it at sensitive files or important output paths by accident, review generated answers before using them with customers, and check site permissions or robots.txt yourself before scraping because the code does not enforce that.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 94%
Finding
The keyword lists include very short fragments such as "何退" and "货?", which are likely to match unrelated user inputs and trigger the wrong knowledge-base answer. In a support skill, this can degrade routing quality, surface incorrect policy information, and make prompt/response behavior unpredictable, though it does not directly enable code execution or privilege abuse.

Vague Triggers

Medium
Confidence: 97%
Finding
Using the standalone keyword "订单" is overly generic and can activate this entry for many unrelated order-related requests, not just order modification. That can cause the system to return incorrect operational guidance, which is especially problematic in customer-service flows where users may rely on the response to take time-sensitive actions.

Vague Triggers

Medium
Confidence: 96%
Finding
The standalone keyword "问题" is extremely broad and may match almost any troubleshooting or complaint message, causing this quality-issue answer to be returned in unrelated contexts. This increases the risk of misclassification and user confusion, particularly in a general-purpose support knowledge base with multiple overlapping topics.

VirusTotal

42/42 vendors flagged this skill as clean.
