ClawHub

AI Content Brief, Script & Outline Generator — Research Assistant for Video & Image generation

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a disclosed knowledge guide, but one model-selection section advises routing sensitive real-person or sexualized image tasks to more permissive providers.

Install only if you are comfortable with a knowledge skill that may influence downstream image/video generation choices. Review the model-selection guidance and avoid using provider choice to bypass safety limits for real people, celebrities, children, sexual content, or other restricted content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
The file is entirely written in Chinese and presents operational guidance to the agent without any language selection, fallback, or user opt-in. In a multilingual skill, this can cause the agent to ignore user language preferences, misunderstand instructions, or produce inaccessible outputs for non-Chinese users, creating a prompt-quality and reliability issue rather than a direct exploit path.

Natural-Language Policy Violations

Medium
Confidence
94% confidence
Finding
The guide instructs the agent to implicitly translate non-English prompts into English without explicit user consent. This can alter user meaning, remove nuance, mistranslate proper nouns or safety-relevant wording, and cause outputs that do not match the user's request or compliance expectations. In a research/planning skill that shapes downstream prompts, this behavior is more dangerous because the transformed prompt may later be used by other generation tools without the user noticing the semantic drift.

Ssd 1

Medium
Confidence
98% confidence
Finding
The file explicitly recommends selecting a 'more permissive' model for sensitive tasks such as real-person photo processing and sexualized content after warning about provider restrictions. That guidance can help users route disallowed or safety-sensitive requests to weaker-policy providers, effectively facilitating policy evasion and increasing the likelihood of generating harmful or non-compliant content.

VirusTotal

53/53 vendors flagged this skill as clean.

View on VirusTotal