ClawHub

企业-招投标合规风险预警

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed China-focused procurement compliance research skill that searches public sources and produces risk reports, with no executable code, persistence, credential use, or hidden behavior found.

Install this when you want China procurement or tender-compliance due diligence on companies. Be aware it may be less suitable for non-China jurisdictions or general reputation checks, and users should verify cited official sources before making supplier exclusion or contract decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger set is broad enough to activate on generic company due-diligence, negative-news, or reputational-review requests, not just narrowly scoped bid-compliance investigations. This can cause the agent to invoke a specialized risk skill in contexts where the user did not ask for procurement-focused analysis, leading to overscoped data gathering, mismatched outputs, and unnecessary handling of sensitive corporate information.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The skill content hardcodes Chinese-language behavior and output structure without checking the user's preferred language or documenting a locale restriction. This can produce inaccessible or misleading results for users operating in other languages, and may cause incorrect assumptions about jurisdiction, sources, and applicability of the analysis.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal