ClawHub

大六壬技能

Security checks across malware telemetry and agentic risk

Overview

This is a local divination skill with no evidence of data theft or persistence, but it lacks guardrails against relying on predictions for serious decisions.

Install only if you want cultural or entertainment-style divination. Do not rely on it for medical, legal, financial, safety, relationship, career, or travel decisions; for health or urgent matters, use qualified professional advice instead. Expect possible runtime or packaging problems because the documented Python script is missing and the included JavaScript does not pass syntax checking.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The activation examples are very broad everyday requests such as lost items, relationships, career, travel, and health, which can cause the assistant to invoke this divination skill in ordinary high-stakes conversations without clear boundaries. In this context, the skill produces authoritative predictive guidance that may influence real decisions, so over-broad triggering increases the chance of unsafe or inappropriate use.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill explicitly supports predictive outputs for health, marriage/relationships, career, travel, and similar life decisions, but it provides no warning that the results are entertainment, cultural, or spiritual content rather than reliable professional advice. Because the skill presents concrete judgments like severity, success, timing, and direction, users may over-trust it and make harmful real-world decisions based on unsupported predictions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal