企业-战略合作深度解析

Security checks across malware telemetry and agentic risk

Overview

This is a text-only business research skill that uses public web searches to analyze company partnerships, with no executable code or hidden privileged behavior found.

Install if you want a Chinese-language workflow for public strategic partnership research. Avoid entering confidential deal targets, nonpublic diligence plans, or sensitive investigative goals unless you are comfortable with those terms being used in external search queries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 93%
Finding
The activation description is very broad and includes colloquial business-intelligence terms such as '朋友圈', '合作伙伴', '生态联盟', and '战略动向', which can match many ordinary user queries unrelated to deep partnership analysis. This increases the chance of unintended invocation, causing the agent to perform unnecessary web research, infer strategic intent from public data, and produce speculative analysis in contexts where the user did not explicitly request that level of profiling.

Natural-Language Policy Violations

Medium
Confidence: 89%
Finding
The skill mandates Chinese output formatting without any user-choice or locale negotiation, which can override user preference and create mismatches in multilingual environments. While not directly enabling code execution or data exfiltration, it can impair safe and accurate communication, especially if downstream users rely on precise language selection for due diligence, compliance review, or cross-border analysis.

VirusTotal

64/64 vendors flagged this skill as clean.
